PAN-OS Captive Portal VulnerabilityCVE-2026-0300

PAN-OS Captive Portal Vulnerability CVE-2026-0300
You are here:

EXECUTIVE SUMMARY

A critical zero-day vulnerability identified as CVE-2026-0300 has been discovered in the Palo Alto Networks PAN-OS Captive Portal / User-ID Authentication Portal component and is currently being actively exploited in the wild. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with root-level privileges on affected firewall devices.


Organizations exposing Captive Portal services to the internet or untrusted networks are at significant risk of compromise. Immediate mitigation and patch deployment are strongly recommended.

  • CVE: CVE-2026-0300
  • CVSS: Critical
  • Active Region: Global
  • Affected Sector: Enterprises, Government, Critical Infrastructure, Financial Services, MSPs
  • Affected Product: Palo Alto Networks PAN-OS (PA-Series and VM-Series)
  • Severity: Critical
  • Threat Date: Active Exploitation Observed

TECHNICAL DETAILS

The vulnerability exists within the PAN-OS Captive Portal / User-ID Authentication Portal functionality and is caused by a buffer overflow condition that can be triggered through specially crafted network requests. Successful exploitation enables attackers to execute arbitrary code remotely with root privileges on affected firewall systems without authentication.

  • Target Component: PAN-OS Captive Portal / User-ID Authentication Portal service responsible for user authentication handling, captive portal processing, and request validation mechanisms.
  • Root Cause: Improper memory handling within the Captive Portal functionality allows specially crafted requests to trigger a buffer overflow condition, resulting in arbitrary code execution with root-level privileges on affected PAN-OS devices.
  • Prerequisite for Exploitation: Captive Portal or User-ID Authentication Portal must be exposed to the internet or untrusted networks while running a vulnerable……

Download the Report

Date

Share

Previous Reports