Feed›Vulnerability›A Vulnerability in PAN-OS Could Allow for Remote Code Execut...

VulnerabilityCIS Advisories

9.0 — CRITICAL

A Vulnerability in PAN-OS Could Allow for Remote Code Execution

📅 6 May 2026 at 22:07 UTC📰 CIS AdvisoriesView original source ↗

A vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A buffer overflow vulnerability in the PAN-OS Authentication Portal service allows an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls, posing a significant risk to government and business entities.

⚙️Technical Details

💥Impact Assessment

Severity: Unknown

🛡️Recommended Actions

1Restrict User-ID Authentication Portal access to only trusted zones.

2Disable User-ID Authentication Portal if not required.

3Apply appropriate updates provided by Palo Alto or other vendors as soon as available.

📦Affected Products

Product Name: PAN-OSVersion Range:12.1 < 12.1.4-h512.1 < 12.1.711.2 < 11.2.4-h1711.2 < 11.2.7-h1311.2 < 11.2.10-h611.2 < 11.2.1211.1 < 11.1.4-h3311.1 < 11.1.6-h3211.1 < 11.1.7-h611.1 < 11.1.10-h2511.1 < 11.1.13-h511.1 < 11.1.1510.2 < 10.2.7-h3410.2 < 10.2.10-h3610.2 < 10.2.13-h2110.2 < 10.2.16-h710.2 < 10.2.18-h6

🔐NVD Verified DataVERIFIED

CVE-2026-0300 ↗

Weaknesses

CWE-787

Read the full article

This is a curated summary. The complete article is available at CIS Advisories.

Read on CIS Advisories ↗

← Back to feed