VULNERABILITY•MAY 14, 2026
CVE-2026-0300: Unauthenticated Root RCE in PAN-OS Captive Portal Under Active Exploitation
A buffer overflow in the PAN-OS User-ID Authentication Portal lets unauthenticated attackers execute code as root on PA-Series and VM-Series firewalls. Palo Alto confirmed in-the-wild exploitation and CISA added it to KEV before patches shipped.