Palo-Alto
Palo Alto PAN-OS CVE-2026-0300: Unauthenticated Root RCE on Captive Portal Under Active Exploitation
Palo Alto Networks PAN-OS User-ID Authentication Portal has an unauthenticated buffer overflow yielding root RCE on PA-Series and VM-Series firewalls. CVSS 9.3, in CISA KEV, federal patch deadline May 9, 2026.
Palo Alto PAN-OS CVE-2026-0300: Unauth Root RCE in Captive Portal Exploited as Zero-Day, CISA KEV Deadline May 9
Palo Alto PAN-OS captive portal buffer overflow (CVSS 9.3) under active exploitation gives unauthenticated attackers root on PA- and VM-Series firewalls. Patches don't ship until May 13 — mitigations only.