A critical vulnerability (CVE-2026-0300, CVSS 9.8) in Palo Alto PAN-OS allows remote code execution via the User-ID Authentication Portal. Affected versions include PAN-OS 10.2.0 through 10.2.4, among other major release branches as detailed in the vendor advisory. Palo Alto Networks has provided specific fixed versions; administrators must consult the provided security advisory link for the exact patched releases applicable to their deployment.
A vulnerability was identified in Palo Alto PAN-OS. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system. Note: CVE-2026-0300 is being scattered exploited. User-ID™ Authentication Portal (aka Captive... Impact Remote Code Execution System / Technologies affected PAN-OS 10.2 versions earlier than PAN-OS 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, 10.2.18-h6 PAN-OS 11.1 versions earlier than PAN-OS 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, 11.1.15 PAN-OS 11.2 versions earlier than PAN-OS 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, 11.2.12 PAN-OS 12.1 versions earlier than PAN-OS 12.1.4-h5, 12.1.7 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor For detail, please refer to the link below: https://security.paloaltonetworks.com/CVE-2026-0300