PAN-OS User-ID Authentication Portal Buffer Overflow Zero-Day Under Active Exploitation (CVE-2026-0300)

Scope: Palo Alto Networks PAN-OS (PA-Series and VM-Series Firewalls)

Severity: Red

An unpatched zero-day buffer overflow vulnerability (CVSS 9.3) in the PAN-OS User-ID Authentication Portal allows unauthenticated remote attackers to execute arbitrary code with root privileges on internet-exposed PA-Series and VM-Series firewalls by sending specially crafted packets. Palo Alto Networks has confirmed limited in-the-wild exploitation against portals exposed to untrusted IP addresses. Exploitation is automatable and requires no user interaction or credentials, giving attackers a complete firewall takeover and a beachhead for lateral movement. Because patches are not expected until May 13–28, 2026, organizations should immediately restrict Authentication Portal access to trusted internal zones only, or disable the portal entirely if it is not required. Prisma Access, Cloud NGFW, and Panorama are not affected.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.