Ethical Hacking News
A critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS software has been exploited in the wild. The vulnerability carries a CVSS score of 9.3 if User-ID Authentication Portal is configured for public access, and Palo Alto Networks plans to release fixes starting May 13, 2026.
The CVE-2026-0300 buffer overflow vulnerability in Palo Alto Networks' PAN-OS software has a CVSS score of 9.3, making it critical. The vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. The vulnerability affects several versions of PAN-OS software, including PAN-OS 12.1 - 12.1.4-h5, PAN-OS 11.2 - 11.2.7-h13, and PAN-OS 11.1 - 11.1.7-h6. Palo Alto Networks plans to release fixes starting May 13, 2026. Users should restrict User-ID Authentication Portal access to trusted zones or disable it entirely if not required until a fix is available.
The cybersecurity landscape is perpetually navigating a complex web of vulnerabilities and exploits, with new threats emerging on an almost daily basis. In recent times, Palo Alto Networks has found itself at the center of attention due to a critical buffer overflow vulnerability in its PAN-OS software that has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any untrusted network, while the severity drops down to 8.7 if access to the portal is restricted to only trusted internal IP addresses.
According to Palo Alto Networks, this critical vulnerability arises due to a buffer overflow in the User-ID Authentication Portal service of its PAN-OS software. This issue allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The company noted that the vulnerability has come under "limited exploitation," specifically targeting instances where the User-ID Authentication Portal has been left publicly accessible.
The impact of this vulnerability is significant, as it potentially allows attackers to execute malicious code on Palo Alto Networks devices without being authenticated or requiring a password. This can lead to a range of potential consequences, from unauthorized access to sensitive data and systems, to the potential for the device to be compromised and used as a stepping stone for further attacks.
Palo Alto Networks has confirmed that the vulnerability affects several versions of its PAN-OS software, including PAN-OS 12.1 - < 12.1.4-h5, < 12.1.7; PAN-OS 11.2 - < 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12; and PAN-OS 11.1 - < 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15. The company has also stated that the vulnerability is applicable only to PA-Series and VM-Series firewalls that are configured to use the User-ID Authentication Portal.
In light of this critical vulnerability, Palo Alto Networks plans to release fixes starting May 13, 2026. However, for users in the short term, it is advisable to either restrict User-ID Authentication Portal access to only trusted zones or disable it entirely if it's not required. This proactive approach can help mitigate the risk associated with this vulnerability and prevent potential attacks.
It is also worth noting that customers following standard security best practices, such as restricting sensitive portals to trusted internal networks, are at a greatly reduced risk. This highlights the importance of maintaining robust security measures and staying up-to-date with the latest patches and updates from reputable vendors.
The ongoing threat landscape underscores the need for organizations to stay vigilant and proactive in addressing emerging vulnerabilities. As Palo Alto Networks continues to work towards resolving this critical issue, it serves as a timely reminder to all users and administrators to prioritize their device security and ensure they are taking adequate steps to protect themselves against such exploits.
Related Information:
https://www.ethicalhackingnews.com/articles/Palo-Alto-Networks-PAN-OS-Vulnerability-A-Critical-Buffer-Overflow-Exploit-ehn.shtml
https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
https://nvd.nist.gov/vuln/detail/CVE-2026-0300
https://www.cvedetails.com/cve/CVE-2026-0300/
Published: Wed May 6 03:10:21 2026 by llama3.2 3B Q4_K_M
