InfoSecBulletin Cybersecurity for mankind
A critical flaw in Palo Alto Networks PAN-OS is putting business firewalls at risk. It lets unverified attackers run any code they want with full control.
Tracked as CVE-2026-0300 is a buffer overflow vulnerability in the User-IDâ„¢ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software which allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The vulnerability stems from a buffer overflow issue (CWE-787) in the authentication portal component.
Affected Versions
The security flaw affects many versions of PAN-OS, such as 10.2, 11.1, 11.2, and 12.1 before some updates were fixed. But, Prisma Access, Cloud NGFW, and Panorama devices are secure.
However, exploitation is only possible when certain configurations are in place:
- The User-ID Authentication Portal is on (in either transparent or redirect mode).
- A management interface profile with “response pages” on is linked to an interface that faces untrusted or internet areas.
This mix makes it possible for attackers to reach the system and start a buffer overflow from afar.
Patches and Mitigation
Palo Alto Networks has launched updates for the affected versions, with more fixes coming by May 28, 2026. Companies should upgrade right away to the fixed versions like:
PAN-OS 12.1.4-h5 or 12.1.7+
PAN-OS 11.2.4-h17, 11.2.7-h13, or 11.2.12+
PAN-OS 11.1.4-h33, 11.1.6-h32, or 11.1.15+
PAN-OS 10.2.7-h34 or 10.2.18-h6+
For environments where patching is delayed, Palo Alto recommends the following mitigations:
Restrict User-ID Authentication Portal access to trusted internal networks only.
Disable response pages on interfaces exposed to untrusted traffic.
Completely disable the authentication portal if not required.
Enable Threat ID 510019 (Applications and Threats version 9097-10022) for detection and blocking.
