Skip to content
Activamente explotadaCVSS 9.8 · CRITICAL

CVE-2026-0300

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

Ver en NVD

Análisis

A critical vulnerability in Palo Alto Networks PAN-OS firewalls allows unauthenticated attackers to execute arbitrary code with root privileges. This issue is confirmed to be actively exploited in the wild. Admins should prioritize patching PA-Series and VM-Series appliances or restricting Authentication Portal access to trusted internal IP addresses immediately.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-787

CISA KEV

Agregada al KEV: 2026-05-06
Fecha límite federal: 2026-05-09
Uso conocido en ransomware: Unknown
Acción requerida

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designated patch.

EPSS

Probabilidad de explotación (próx. 30 días): 0.1443 (14.4%)
Percentil: 94.5%
EPSS: 2026-05-20

Afecta

paloaltonetworks:pan-ospaloaltonetworks:pa-1410paloaltonetworks:pa-1420paloaltonetworks:pa-3410paloaltonetworks:pa-3420paloaltonetworks:pa-3430paloaltonetworks:pa-3440paloaltonetworks:pa-410paloaltonetworks:pa-410rpaloaltonetworks:pa-410r-5gpaloaltonetworks:pa-415paloaltonetworks:pa-415-5gpaloaltonetworks:pa-440paloaltonetworks:pa-445paloaltonetworks:pa-450paloaltonetworks:pa-450rpaloaltonetworks:pa-450r-5gpaloaltonetworks:pa-455paloaltonetworks:pa-455-5gpaloaltonetworks:pa-455r-5gpaloaltonetworks:pa-460paloaltonetworks:pa-501paloaltonetworks:pa-505paloaltonetworks:pa-510paloaltonetworks:pa-520paloaltonetworks:pa-540paloaltonetworks:pa-5410paloaltonetworks:pa-5420paloaltonetworks:pa-5430paloaltonetworks:pa-5440paloaltonetworks:pa-5445paloaltonetworks:pa-545-poepaloaltonetworks:pa-5450paloaltonetworks:pa-550paloaltonetworks:pa-5540paloaltonetworks:pa-555-poepaloaltonetworks:pa-5550paloaltonetworks:pa-5560paloaltonetworks:pa-5570paloaltonetworks:pa-5580paloaltonetworks:pa-560paloaltonetworks:pa-7500paloaltonetworks:pa-7500-dpc-apaloaltonetworks:vm-100paloaltonetworks:vm-300paloaltonetworks:vm-50paloaltonetworks:vm-500paloaltonetworks:vm-700siemens:ruggedcom_ape1808_firmwaresiemens:ruggedcom_ape1808

Descripción técnica

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Publicada: 6/5/2026, 19:16:35
Última modificación: 12/5/2026, 18:47:21

Referencias

InicioEventosBlogRecursosEquipo