
"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets."
"Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks, are at a greatly reduced risk."
Palo Alto Networks has identified a critical buffer overflow vulnerability in its PAN-OS software, tracked as CVE-2026-0300. The flaw affects the User-ID Authentication Portal and enables unauthenticated remote code execution. The CVSS score is 9.3 if the portal is accessible from the internet. Limited exploitation has been reported, targeting publicly accessible instances. Affected versions include PAN-OS 12.1, 11.2, 11.1, and 10.2. Fixes are expected to be released starting May 13, 2026. Users are advised to restrict access to the portal to reduce risk.
Read at The Hacker News