Palo Alto Networks is preparing patches for a critical PAN-OS zero-day, CVE-2026-0300, a buffer overflow in the User-ID Authentication Portal that can allow unauthenticated attackers to execute code as root on affected PA and VM series firewalls. The vendor reported limited targeted exploitation of internet-exposed portals, plans a first-round fix on May 13 and a second-round fix on May 28, and says Prisma Access, Cloud NGFW, and Panorama are not affected. #PaloAltoNetworks #CVE-2026-0300
Keypoints
- CVE-2026-0300 is a buffer overflow in the User-ID Authentication Portal allowing unauthenticated root code execution on PA and VM series firewalls.
- Palo Alto Networks observed limited exploitation targeting portals exposed to untrusted IPs or the public internet.
- The vendor plans to release patches on May 13 (first round) and May 28 (second round).
- Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability.
- Mitigation includes restricting access to the User-ID Authentication Portal to trusted internal IP addresses.
Read More: https://www.securityweek.com/palo-alto-networks-to-patch-zero-day-exploited-to-hack-firewalls/