Palo Alto Networks disclosed a critical buffer overflow vulnerability (CVE-2026-0300) in the User-ID Authentication Portal (Captive Portal) component of PAN-OS. The flaw allows unauthenticated remote attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Active exploitation has been confirmed, and CISA has added it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 9, 2026. Prisma Access, Cloud NGFW, and Panorama are not affected. Patches are expected between May 13–28 depending on the PAN-OS version. Workarounds include restricting Authentication Portal access to trusted zones, disabling Response Pages on untrusted interfaces, or disabling the portal entirely if unused.