Security News

Cybersecurity news aggregator

HIGH News Help Net Security

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

A critical, actively exploited buffer overflow vulnerability (CVE-2026-0300, CVSS 9.8) in the User-ID Authentication Portal of Palo Alto Networks PAN-OS allows unauthenticated, root-level remote code execution. Affected versions include PAN-OS 10.2.0, 10.2.1, 10.2.2, 10.2.3, and 10.2.4. Palo Alto Networks has not yet released a fixed version but urges customers to implement the temporary mitigations provided in their security advisory.

A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, urging customers to implement mitigations while it is still working on fixes.

About CVE-2026-0300

CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software. The portal enables user identification for unknown traffic, i.e., situations where the firewall cannot automatically map an IP address …

The post Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300) appeared first on Help Net Security.
