CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Summary
A critical out-of-bounds write vulnerability (CVE-2026-0300) has been identified in Palo Alto Networks PAN-OS, specifically within the User-ID Authentication Portal service. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls by sending crafted packets. Federal agencies must apply mitigations or disconnect the product by May 9, 2026.
IFF Assessment
This vulnerability allows unauthenticated attackers to gain root privileges on sensitive network devices, posing a significant threat to defenders.
Severity
The CVSS score is estimated to be high: the out-of-bounds write allows arbitrary code execution with root privileges on firewalls, and the attack vector can be network-based and requires no authentication.
CISA KEV: Listed as actively exploited. Federal patch due: May 09, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability represents a severe risk to network infrastructure, as it allows for unauthenticated remote code execution with root privileges on Palo Alto Networks firewalls. Defenders must prioritize applying the vendor-recommended workarounds, such as restricting User-ID Authentication Portal access or disabling it entirely if not essential, and remain vigilant for official patches. This highlights the ongoing need for robust network segmentation and timely vulnerability management for critical security appliances.