Cve-2026-0300

vulnerabilities 2026-05-07
Palo Alto PAN-OS CVE-2026-0300: Unauth Root RCE in Captive Portal Exploited as Zero-Day, CISA KEV Deadline May 9
Palo Alto PAN-OS captive portal buffer overflow (CVSS 9.3) under active exploitation gives unauthenticated attackers root on PA- and VM-Series firewalls. Patches don't ship until May 13 — mitigations only.
palo-alto pan-os firewall cve-2026-0300 zero-day rce cisa-kev buffer-overflow

Palo Alto PAN-OS CVE-2026-0300: Unauth Root RCE in Captive Portal Exploited as Zero-Day, CISA KEV Deadline May 9