Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
Briefly

"The vulnerability has been described as a buffer overflow affecting the User-ID Authentication Portal (Captive Portal) service of PAN-OS software, allowing an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets."
"Limited exploitation has been observed targeting Palo Alto Networks User-ID Authentication Portals that are exposed to untrusted IP addresses and/or the public internet, indicating that a flaw has been leveraged in highly targeted attacks by sophisticated threat actors."
"The vendor is aiming to release the first round of patches on May 13, with a second round of fixes estimated for May 28, significantly reducing the risk of exploitation."
Palo Alto Networks is developing patches for a critical zero-day vulnerability, CVE-2026-0300, affecting the User-ID Authentication Portal of PAN-OS software. This buffer overflow vulnerability impacts PA and VM series firewalls, enabling unauthenticated attackers to execute malicious code with root privileges. Limited exploitation has been observed, indicating targeted attacks by sophisticated threat actors. The company plans to release patches on May 13 and May 28. Only specific firewalls are affected, and limiting access to trusted IPs can reduce risks. Other Palo Alto products are not impacted by this vulnerability.
Read at SecurityWeek