CVE-2026-0300 | VulnIntel — VulnIntel

CVE-2026-0300

CRITICAL

KEV

KISA

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by r

설명

The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.

Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Score Summary

CVSS Score: 9.3
Version: 4.0
Risk Score: 7.65
Attack Vector: 네트워크 공격
낮은 복잡도
권한 불필요
사용자 상호작용 불필요

Details

Published: 05/06/2026(10 days ago)
Modified: 05/12/2026(4 days ago)
Source: KEV, NVD, KISA
Products: 50

CISA KEV Listing

Vendor / Project: Palo Alto Networks
Product: PAN-OS

Date Added: 05/06/2026
Due Date: 05/09/2026Overdue 8d

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designated patch.

Listed in KISA bulletin

This CVE is referenced in a KISA security bulletin (Korean only).

Bulletin ID: 72044
Published: 2026-05-06

boho.or.kr

Vulnerability Lifecycle

CISA KEVKEV Listed05/06/2026
NVDPublished05/06/2026
KISA

Score Comparison by Source

Source	CVSS Version	Base Score	Severity	Vector String	Assessment Date
NVDNIST	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red	05/13/2026
NVDNIST

CWE Weakness Classification

CWE-787
NVD
Secondary

References (3)

NVD
Mitigation
https://security.paloaltonetworks.com/CVE-2026-0300
NVD
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-967325.html
NVD

Affected Products (50)