Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PAN-OS User-ID Authentication Portal buffer overflow actively exploited security flaw (CVE-2026-0300)

Vulnerability
First reported
Last updated
Happening score
H score 41
3 unique sources, 3 articles

Summary

Hide ▲

A PAN-OS buffer overflow in the User-ID Authentication Portal is being actively exploited, creating unauthenticated root RCE risk for PA and VM series firewalls exposed to untrusted networks. Palo Alto Networks says the issue is limited to systems configured to use the portal, especially those reachable from the public internet. Fixes are planned for May 13 and May 28, while restricting portal access to trusted internal IPs reduces exposure.

Related Happenings

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

How related: On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable firewalls by Saturday midnight, May 9.

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Open Happening

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

How related: Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the portal if that's not possible, which mitigates the risk of this issue.

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

Open Happening

Nginx UI auth-bypass exploitation wave (CVE-2026-33032)

Exploitation Wave
First: 16.04.2026 01:35 Last: 16.04.2026 01:35 Sources 1

About this happening: **CVE-2026-33032** is now **actively exploited**, creating immediate risk for **publicly exposed Nginx UI** instances that rely on the vulnerable **/mcp_message** endpoint. Intern...

Open Happening

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Open Happening

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

Open Happening

Timeline

  1. 06.05.2026 07:46 3 articles · 21d ago

    Palo Alto Networks discloses CVE-2026-0300 exploitation

    Initial Disclosure

    Palo Alto Networks says CVE-2026-0300 is a buffer overflow in the User-ID Authentication Portal service of PAN-OS software affecting PA and VM series firewalls, and notes that limited exploitation has been observed against portals exposed to untrusted IP addresses or the public internet.

    Show sources
    Open in new tab
  2. 06.05.2026 07:46 1 articles · 21d ago

    Palo Alto Networks schedules first PAN-OS fixes for May 13

    Mitigation Patch Update

    Palo Alto Networks plans a first patch round for CVE-2026-0300 on May 13, with a second round of fixes estimated for May 28, and says restricting User-ID Authentication Portal access to trusted internal IPs significantly reduces exploitation risk.

    Show sources
    Open in new tab
  3. 06.05.2026 07:46 3 articles · 21d ago

    Palo Alto Networks discloses CVE-2026-0300 exploitation

    Initial Disclosure

    Palo Alto Networks says CVE-2026-0300 is a buffer overflow in the User-ID Authentication Portal service of PAN-OS software affecting PA and VM series firewalls, and notes that limited exploitation has been observed against portals exposed to untrusted IP addresses or the public internet.

    Show sources
    Open in new tab