Palo Alto Networks PAN-OS CVE-2026-0300 patch release
Security Patch Release
Summary
Hide ▲
Show ▼
Palo Alto Networks is rolling out patches for CVE-2026-0300, a critical PAN-OS zero-day that has already been exploited in the wild against PA and VM series firewalls. The flaw sits in the User-ID Authentication Portal (Captive Portal) and can let an unauthenticated attacker achieve root code execution with specially crafted packets. The vendor said exploitation has been limited and mainly involved portals exposed to untrusted IP addresses or the public internet. The first fixes are planned for May 13, with a second round of patches estimated for May 28.
Related Happenings
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20188
Security Patch Release
First: 06.05.2026 21:06
Last: 06.05.2026 21:06
Sources 1
About this happening:
**Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
Cisco security patch release for CVE-2026-20188
Security Patch ReleaseAbout this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)
Advisory/Mitigation
First: 06.05.2026 09:14
Last: 06.05.2026 09:14
Sources 1
How related:
Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the portal if that's not possible, which mitigates the risk of this issue.
About this happening:
Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...
PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)
Advisory/MitigationHow related: Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the portal if that's not possible, which mitigates the risk of this issue.
About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...
Cisco security patch release for CVE-2026-20184
Security Patch Release
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Cisco security patch release for CVE-2026-20184
Security Patch ReleaseAbout this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Nginx UI auth-bypass exploitation wave (CVE-2026-33032)
Exploitation Wave
First: 16.04.2026 01:35
Last: 16.04.2026 01:35
Sources 1
About this happening:
**CVE-2026-33032** is now **actively exploited**, creating immediate risk for **publicly exposed Nginx UI** instances that rely on the vulnerable **/mcp_message** endpoint. Intern...
Nginx UI auth-bypass exploitation wave (CVE-2026-33032)
Exploitation WaveAbout this happening: **CVE-2026-33032** is now **actively exploited**, creating immediate risk for **publicly exposed Nginx UI** instances that rely on the vulnerable **/mcp_message** endpoint. Intern...
Timeline
-
06.05.2026 07:46 2 articles · 21d ago
Palo Alto Networks discloses limited exploitation of CVE-2026-0300
Initial DisclosurePalo Alto Networks said CVE-2026-0300 is a buffer overflow in the User-ID Authentication Portal (Captive Portal) service of PAN-OS software, and that limited exploitation has been observed against PA and VM series firewalls exposed to untrusted IP addresses and/or the public internet.
Show sources
- Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls — www.securityweek.com — 06.05.2026 07:46
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage — thehackernews.com — 07.05.2026 16:34
-
06.05.2026 07:46 1 articles · 21d ago
First PAN-OS patch round planned for May 13
Mitigation Patch UpdatePalo Alto Networks said the first round of fixes for CVE-2026-0300 is aimed for May 13, covering the exploited PAN-OS zero-day affecting PA and VM series firewalls that use the User-ID Authentication Portal.
Show sources
- Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls — www.securityweek.com — 06.05.2026 07:46
-
06.05.2026 07:46 1 articles · 21d ago
Second PAN-OS fix round planned for May 28
Mitigation Patch UpdatePalo Alto Networks estimated a second round of fixes for CVE-2026-0300 on May 28 for PA and VM series firewalls configured to use the User-ID Authentication Portal.
Show sources
- Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls — www.securityweek.com — 06.05.2026 07:46