Exposures › CVE-2026-0300
Palo Alto Networks PAN-OS allows unauthenticated attackers to execute arbitrary root code via an out-of-bounds write in the User-ID Authentication Portal.
This critical vulnerability enables remote code execution with root privileges on firewalls without authentication, directly threatening DIB network perimeters and violating NIST 800-171 confidentiality and integrity controls. Organizations must immediately patch PAN-OS to prevent unauthorized access to sensitive systems.
Shame score — A critical RCE vulnerability in a widely deployed firewall product that allows unauthenticated attackers to gain root access represents a severe security failure.
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
| Product | Provider | Status | Match |
|---|---|---|---|
| GCS-HIGH | Palo Alto Networks, Inc. | Ready | vendor-exact · 0.90 |
| Palo Alto Networks Government Cloud Services | Palo Alto Networks, Inc. | Authorized | vendor-exact · 0.90 |