CVE-2026-0300
EUVD-2026-2787906.05.2026, 19:16
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 10.2.0 |
| paloaltonetworks | pan-os | 10.2.1 |
| paloaltonetworks | pan-os | 10.2.2 |
| paloaltonetworks | pan-os | 10.2.3 |
| paloaltonetworks | pan-os | 10.2.4 |
| paloaltonetworks | pan-os | 10.2.5 |
| paloaltonetworks | pan-os | 10.2.6 |
| paloaltonetworks | pan-os | 10.2.7 |
| paloaltonetworks | pan-os | 10.2.7:h1 |
| paloaltonetworks | pan-os | 10.2.7:h12 |
| paloaltonetworks | pan-os | 10.2.7:h16 |
| paloaltonetworks | pan-os | 10.2.7:h19 |
| paloaltonetworks | pan-os | 10.2.7:h21 |
| paloaltonetworks | pan-os | 10.2.7:h24 |
| paloaltonetworks | pan-os | 10.2.7:h3 |
| paloaltonetworks | pan-os | 10.2.7:h32 |
| paloaltonetworks | pan-os | 10.2.7:h6 |
| paloaltonetworks | pan-os | 10.2.7:h8 |
| paloaltonetworks | pan-os | 10.2.8 |
| paloaltonetworks | pan-os | 10.2.9 |
| paloaltonetworks | pan-os | 10.2.10 |
| paloaltonetworks | pan-os | 10.2.10:h10 |
| paloaltonetworks | pan-os | 10.2.10:h12 |
| paloaltonetworks | pan-os | 10.2.10:h14 |
| paloaltonetworks | pan-os | 10.2.10:h17 |
| paloaltonetworks | pan-os | 10.2.10:h18 |
| paloaltonetworks | pan-os | 10.2.10:h2 |
| paloaltonetworks | pan-os | 10.2.10:h21 |
| paloaltonetworks | pan-os | 10.2.10:h27 |
| paloaltonetworks | pan-os | 10.2.10:h3 |
| paloaltonetworks | pan-os | 10.2.10:h30 |
| paloaltonetworks | pan-os | 10.2.10:h31 |
| paloaltonetworks | pan-os | 10.2.10:h4 |
| paloaltonetworks | pan-os | 10.2.10:h5 |
| paloaltonetworks | pan-os | 10.2.10:h7 |
| paloaltonetworks | pan-os | 10.2.10:h9 |
| paloaltonetworks | pan-os | 10.2.11 |
| paloaltonetworks | pan-os | 10.2.12 |
| paloaltonetworks | pan-os | 10.2.13 |
| paloaltonetworks | pan-os | 10.2.13:h1 |
| paloaltonetworks | pan-os | 10.2.13:h10 |
| paloaltonetworks | pan-os | 10.2.13:h16 |
| paloaltonetworks | pan-os | 10.2.13:h18 |
| paloaltonetworks | pan-os | 10.2.13:h2 |
| paloaltonetworks | pan-os | 10.2.13:h3 |
| paloaltonetworks | pan-os | 10.2.13:h4 |
| paloaltonetworks | pan-os | 10.2.13:h5 |
| paloaltonetworks | pan-os | 10.2.13:h7 |
| paloaltonetworks | pan-os | 10.2.14 |
| paloaltonetworks | pan-os | 10.2.15 |
| paloaltonetworks | pan-os | 10.2.16 |
| paloaltonetworks | pan-os | 10.2.16:h1 |
| paloaltonetworks | pan-os | 10.2.16:h4 |
| paloaltonetworks | pan-os | 10.2.16:h6 |
| paloaltonetworks | pan-os | 10.2.17 |
| paloaltonetworks | pan-os | 10.2.18 |
| paloaltonetworks | pan-os | 10.2.18:h1 |
| paloaltonetworks | pan-os | 10.2.18:h5 |
| paloaltonetworks | pan-os | 11.1.0 |
| paloaltonetworks | pan-os | 11.1.1 |
| paloaltonetworks | pan-os | 11.1.2 |
| paloaltonetworks | pan-os | 11.1.3 |
| paloaltonetworks | pan-os | 11.1.4 |
| paloaltonetworks | pan-os | 11.1.4:h1 |
| paloaltonetworks | pan-os | 11.1.4:h13 |
| paloaltonetworks | pan-os | 11.1.4:h15 |
| paloaltonetworks | pan-os | 11.1.4:h16 |
| paloaltonetworks | pan-os | 11.1.4:h17 |
| paloaltonetworks | pan-os | 11.1.4:h18 |
| paloaltonetworks | pan-os | 11.1.4:h25 |
| paloaltonetworks | pan-os | 11.1.4:h27 |
| paloaltonetworks | pan-os | 11.1.4:h32 |
| paloaltonetworks | pan-os | 11.1.4:h4 |
| paloaltonetworks | pan-os | 11.1.4:h7 |
| paloaltonetworks | pan-os | 11.1.4:h9 |
| paloaltonetworks | pan-os | 11.1.5 |
| paloaltonetworks | pan-os | 11.1.6 |
| paloaltonetworks | pan-os | 11.1.6:h1 |
| paloaltonetworks | pan-os | 11.1.6:h10 |
| paloaltonetworks | pan-os | 11.1.6:h14 |
| paloaltonetworks | pan-os | 11.1.6:h17 |
| paloaltonetworks | pan-os | 11.1.6:h19 |
| paloaltonetworks | pan-os | 11.1.6:h2 |
| paloaltonetworks | pan-os | 11.1.6:h20 |
| paloaltonetworks | pan-os | 11.1.6:h21 |
| paloaltonetworks | pan-os | 11.1.6:h22 |
| paloaltonetworks | pan-os | 11.1.6:h23 |
| paloaltonetworks | pan-os | 11.1.6:h25 |
| paloaltonetworks | pan-os | 11.1.6:h29 |
| paloaltonetworks | pan-os | 11.1.6:h3 |
| paloaltonetworks | pan-os | 11.1.6:h4 |
| paloaltonetworks | pan-os | 11.1.6:h5 |
| paloaltonetworks | pan-os | 11.1.6:h6 |
| paloaltonetworks | pan-os | 11.1.6:h7 |
| paloaltonetworks | pan-os | 11.1.7 |
| paloaltonetworks | pan-os | 11.1.7:h1 |
| paloaltonetworks | pan-os | 11.1.7:h2 |
| paloaltonetworks | pan-os | 11.1.7:h4 |
| paloaltonetworks | pan-os | 11.1.8 |
| paloaltonetworks | pan-os | 11.1.9 |
| paloaltonetworks | pan-os | 11.1.10 |
| paloaltonetworks | pan-os | 11.1.10:h1 |
| paloaltonetworks | pan-os | 11.1.10:h10 |
| paloaltonetworks | pan-os | 11.1.10:h12 |
| paloaltonetworks | pan-os | 11.1.10:h21 |
| paloaltonetworks | pan-os | 11.1.10:h4 |
| paloaltonetworks | pan-os | 11.1.10:h5 |
| paloaltonetworks | pan-os | 11.1.10:h7 |
| paloaltonetworks | pan-os | 11.1.10:h9 |
| paloaltonetworks | pan-os | 11.1.11 |
| paloaltonetworks | pan-os | 11.1.12 |
| paloaltonetworks | pan-os | 11.1.13 |
| paloaltonetworks | pan-os | 11.1.13:h1 |
| paloaltonetworks | pan-os | 11.1.13:h2 |
| paloaltonetworks | pan-os | 11.1.13:h3 |
| paloaltonetworks | pan-os | 11.1.14 |
| paloaltonetworks | pan-os | 11.2.0 |
| paloaltonetworks | pan-os | 11.2.1 |
| paloaltonetworks | pan-os | 11.2.2 |
| paloaltonetworks | pan-os | 11.2.3 |
| paloaltonetworks | pan-os | 11.2.4 |
| paloaltonetworks | pan-os | 11.2.4:h1 |
| paloaltonetworks | pan-os | 11.2.4:h10 |
| paloaltonetworks | pan-os | 11.2.4:h11 |
| paloaltonetworks | pan-os | 11.2.4:h12 |
| paloaltonetworks | pan-os | 11.2.4:h14 |
| paloaltonetworks | pan-os | 11.2.4:h15 |
| paloaltonetworks | pan-os | 11.2.4:h2 |
| paloaltonetworks | pan-os | 11.2.4:h4 |
| paloaltonetworks | pan-os | 11.2.4:h5 |
| paloaltonetworks | pan-os | 11.2.4:h6 |
| paloaltonetworks | pan-os | 11.2.4:h7 |
| paloaltonetworks | pan-os | 11.2.4:h8 |
| paloaltonetworks | pan-os | 11.2.4:h9 |
| paloaltonetworks | pan-os | 11.2.5 |
| paloaltonetworks | pan-os | 11.2.6 |
| paloaltonetworks | pan-os | 11.2.7 |
| paloaltonetworks | pan-os | 11.2.7:h1 |
| paloaltonetworks | pan-os | 11.2.7:h10 |
| paloaltonetworks | pan-os | 11.2.7:h11 |
| paloaltonetworks | pan-os | 11.2.7:h12 |
| paloaltonetworks | pan-os | 11.2.7:h2 |
| paloaltonetworks | pan-os | 11.2.7:h3 |
| paloaltonetworks | pan-os | 11.2.7:h4 |
| paloaltonetworks | pan-os | 11.2.7:h7 |
| paloaltonetworks | pan-os | 11.2.7:h8 |
| paloaltonetworks | pan-os | 11.2.8 |
| paloaltonetworks | pan-os | 11.2.9 |
| paloaltonetworks | pan-os | 11.2.10 |
| paloaltonetworks | pan-os | 11.2.10:h1 |
| paloaltonetworks | pan-os | 11.2.10:h2 |
| paloaltonetworks | pan-os | 11.2.10:h3 |
| paloaltonetworks | pan-os | 11.2.10:h4 |
| paloaltonetworks | pan-os | 11.2.10:h5 |
| paloaltonetworks | pan-os | 11.2.11 |
| paloaltonetworks | pan-os | 12.1.2 |
| paloaltonetworks | pan-os | 12.1.3 |
| paloaltonetworks | pan-os | 12.1.4 |
| paloaltonetworks | pan-os | 12.1.4:h2 |
| paloaltonetworks | pan-os | 12.1.4:h3 |
| paloaltonetworks | pan-os | 12.1.5 |
| paloaltonetworks | pan-os | 12.1.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure