U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-05-07 03:11:00
Source Domain: securityaffairs.com
Pierluigi Paganini
May 07, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Palo Alto Networks PAN-OS, tracked as CVE-2026-0300 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw is a buffer overflow that allows unauthenticated remote code execution, especially when the User-ID portal is exposed to the internet.
“A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.” reads the advisory published by Palo Alto Networks. “The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.”
This week, Palo Alto Networks warned that the critical PAN-OS vulnerability CVE-2026-0300 is being actively exploited in the wild.
Below is the list of impacted products:
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 12.1 | = 12.1.4-h5 (ETA: 05/13); = 12.1.7 (ETA: 05/28) | |
| PAN-OS 11.2 | = 11.2.4-h17 (ETA: 05/28); = 11.2.7-h13 (ETA: 05/13); = 11.2.10-h6 (ETA: 05/13); = 11.2.12 (ETA: 05/28) | |
| PAN-OS 11.1 | = 11.1.4-h33 (ETA: 05/13); = 11.1.6-h32 (ETA: 05/13); = 11.1.7-h6 (ETA: 05/28); = 11.1.10-h25 (ETA: 05/13); = 11.1.13-h5 (ETA: 05/13); = 11.1.15 (ETA: 05/28) | |
| PAN-OS 10.2 | = 10.2.7-h34 (ETA: 05/28); = 10.2.10-h36 (ETA: 05/13); = 10.2.13-h21 (ETA: 05/28); = 10.2.16-h7 (ETA: 05/28); = 10.2.18-h6 (ETA: 05/13) | |
| Prisma Access | None | All |
The…