CRITICAL · CVE-2026-0300 · Published · Modified · CNA: palo_alto
CVE-2026-0300: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail) by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: *
- Affected Products: 3
Fix available *
- 10.2.18-h6
- 11.1.15
- 11.2.12
- 12.1.7
- All
Affected packages
- Palo Alto Networks / Cloud NGFW: Fixed in All
- Palo Alto Networks / PAN-OS: < 12.1.7 (from 12.1.0) · < 11.2.12 (from 11.2.0) · < 11.1.15 (from 11.1.0) · < 10.2.18-h6 (from 10.2.0)
- Palo Alto Networks / Prisma Access: Fixed in All
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
References