https://cybercrime.club/tags/palo-alto/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usFri, 08 May 2026 23:09:36 -0400https://cybercrime.club/posts/palo-alto-pan-os-cve-2026-0300-captive-portal-zero-day-cisa-kev/Fri, 08 May 2026 23:09:36 -0400https://cybercrime.club/posts/palo-alto-pan-os-cve-2026-0300-captive-portal-zero-day-cisa-kev/Palo Alto Networks PAN-OS User-ID Authentication Portal has an unauthenticated buffer overflow yielding root RCE on PA-Series and VM-Series firewalls. CVSS 9.3, in CISA KEV, federal patch deadline May 9, 2026.vulnerabilitieshttps://cybercrime.club/posts/palo-alto-pan-os-cve-2026-0300-captive-portal-zero-day-rce/Thu, 07 May 2026 23:09:26 -0400https://cybercrime.club/posts/palo-alto-pan-os-cve-2026-0300-captive-portal-zero-day-rce/Palo Alto PAN-OS captive portal buffer overflow (CVSS 9.3) under active exploitation gives unauthenticated attackers root on PA- and VM-Series firewalls. Patches don't ship until May 13 — mitigations only.vulnerabilities