CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability. Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

• CISA KEV-listed (remediation due 2026-05-09)
• EPSS 4.9% (89.8% percentile)

Related briefings

• Hackers Are Breaking Into Palo Alto VPNs Without a Password 2026-06-06
• Hackers Hijack Palo Alto Firewalls With Unpatched Root Flaw 2026-06-06

Browse the CVE database

Read the full analysis on IntelFusions