{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2026-006.pdf"
    },
    "title": "Critical Vulnerability in PAN-OS",
    "serial_number": "2026-006",
    "publish_date": "06-05-2026 08:44:32",
    "description": "On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges.<br>\nPalo Alto observed limited exploitation of this vulnerability. It is strongly recommended to update affected appliances as soon as patches are available, and to apply workarounds and mitigations in the meantime.<br>\n",
    "url_title": "2026-006",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in PAN-OS'\nnumber: '2026-006'\nversion: '1.0'\noriginal_date: '2026-05-06'\ndate: '2026-05-06'\n---\n\n_History:_\n\n* _06/05/2026 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS [1]. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges.\n\nPalo Alto observed limited exploitation of this vulnerability. It is strongly recommended to update affected appliances as soon as patches are available, and to apply workarounds and mitigations in the meantime.\n\n# Technical Details\n\nThe vulnerability **CVE-2026-0300**, with a CVSS score of 9.3, is a buffer overflow in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software [1].\n\nAn unauthenticated attacker could execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets [1].\n\n# Affected Products\n\nThis issue applies only to PA-Series and VM-Series firewalls that are configured to use the User-ID Authentication Portal.\n\nThe following PAN-OS versions are affected:\n\n* Versions prior to 12.1.4-h5\n* Versions prior to 12.1.7\n* Versions prior to 11.2.4-h17\n* Versions prior to 11.2.7-h13\n* Versions prior to 11.2.10-h6\n* Versions prior to 11.2.12\n* Versions prior to 11.1.4-h33\n* Versions prior to 11.1.6-h32\n* Versions prior to 11.1.7-h6\n* Versions prior to 11.1.10-h25\n* Versions prior to 11.1.13-h5\n* Versions prior to 11.1.15\n* Versions prior to 10.2.7-h34\n* Versions prior to 10.2.10-h36\n* Versions prior to 10.2.13-h21\n* Versions prior to 10.2.16-h7\n* Versions prior to 10.2.18-h6\n\nAdditional information is available in the vendor\u2019s advisory [1].\n\n# Recommendations\n\nPatches are not available at the time of writing, but are scheduled for release in the near future. It is recommended to update affected devices as soon as the patches are released.\n\n## Mitigation\n\nIt is possible to mitigate the risk of this flaw by taking either of the following actions [1]:\n\n* Restrict User-ID Authentication Portal access to trusted zones only.\n* Disable the User-ID Authentication Portal if it is not required.\n\n# References\n\n[1] <https://security.paloaltonetworks.com/CVE-2026-0300>",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/05/2026 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS [1]. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges.</p><p>Palo Alto observed limited exploitation of this vulnerability. It is strongly recommended to update affected appliances as soon as patches are available, and to apply workarounds and mitigations in the meantime.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2026-0300</strong>, with a CVSS score of 9.3, is a buffer overflow in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software [1].</p><p>An unauthenticated attacker could execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets [1].</p><h2 id=\"affected-products\">Affected Products</h2><p>This issue applies only to PA-Series and VM-Series firewalls that are configured to use the User-ID Authentication Portal.</p><p>The following PAN-OS versions are affected:</p><ul><li>Versions prior to 12.1.4-h5</li><li>Versions prior to 12.1.7</li><li>Versions prior to 11.2.4-h17</li><li>Versions prior to 11.2.7-h13</li><li>Versions prior to 11.2.10-h6</li><li>Versions prior to 11.2.12</li><li>Versions prior to 11.1.4-h33</li><li>Versions prior to 11.1.6-h32</li><li>Versions prior to 11.1.7-h6</li><li>Versions prior to 11.1.10-h25</li><li>Versions prior to 11.1.13-h5</li><li>Versions prior to 11.1.15</li><li>Versions prior to 10.2.7-h34</li><li>Versions prior to 10.2.10-h36</li><li>Versions prior to 10.2.13-h21</li><li>Versions prior to 10.2.16-h7</li><li>Versions prior to 10.2.18-h6</li></ul><p>Additional information is available in the vendor\u2019s advisory [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>Patches are not available at the time of writing, but are scheduled for release in the near future. It is recommended to update affected devices as soon as the patches are released.</p><h3 id=\"mitigation\">Mitigation</h3><p>It is possible to mitigate the risk of this flaw by taking either of the following actions [1]:</p><ul><li>Restrict User-ID Authentication Portal access to trusted zones only.</li><li>Disable the User-ID Authentication Portal if it is not required.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://security.paloaltonetworks.com/CVE-2026-0300\">https://security.paloaltonetworks.com/CVE-2026-0300</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}