
PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
Happening score: 49
2 unique sources, 3 articles

Summary


Palo Alto Networks issued mitigation guidance for CVE-2026-0300 after the PAN-OS User-ID Authentication Portal flaw was reported exploited in the wild, leaving publicly accessible portals at risk of unauthenticated remote code execution. The company advised customers to restrict access to the portal to trusted zones or to disable the portal if it is not required. The issue remains unpatched; fixes are planned to start on May 13, 2026. The affected scope is PA-Series and VM-Series firewalls configured to use the portal.

Related Happenings

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

How related: On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable firewalls by Saturday midnight, May 9.

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Cisco security patch release for CVE-2026-20188

Security Patch Release
First: 06.05.2026 21:06 Last: 06.05.2026 21:06 Sources 1

About this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...

PAN-OS User-ID Authentication Portal buffer overflow actively exploited security flaw (CVE-2026-0300)

Vulnerability
First: 06.05.2026 07:46 Last: 06.05.2026 07:46 Sources 1

How related: The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted packets.

About this happening: A **PAN-OS** **buffer overflow** in the **User-ID Authentication Portal** is being **actively exploited**, creating **unauthenticated root RCE** risk for **PA and VM series firewa...

Palo Alto Networks PAN-OS CVE-2026-0300 patch release

Security Patch Release
First: 06.05.2026 07:46 Last: 06.05.2026 07:46 Sources 1

How related: Palo Alto Networks told BleepingComputer yesterday that the flaw doesn't impact Cloud NGFW or Panorama appliances and that it's still working on releasing patches, with the first ones expected to roll out next Wednesday, May 13.

About this happening: Palo Alto Networks is rolling out **patches** for **CVE-2026-0300**, a **critical PAN-OS zero-day** that has already been **exploited in the wild** against **PA and VM series fire...

Timeline

  1. 06.05.2026 09:14 3 articles · 21d ago

    PAN-OS CVE-2026-0300 mitigation guidance

    Initial Disclosure

    Palo Alto Networks issued an advisory for CVE-2026-0300 affecting PAN-OS's User-ID Authentication Portal on PA-Series and VM-Series firewalls, saying the critical buffer overflow had seen limited exploitation where the portal was publicly accessible. The company said the issue remained unpatched, advised customers to restrict the portal to trusted zones or disable it if unused, and stated that fixes are planned to begin on May 13, 2026.
