Out-of-bounds write in Palo Alto PAN-OS - CVE-2026-0300
Published: May 6, 2026
Vulnerability identifier: #VU130217
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Red
CVE-ID: CVE-2026-0300
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the User-ID Authentication Portal (aka Captive Portal) service. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2026-0300
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vendor plans to release fixes on May 13 and May 28.