A Vulnerability in PAN-OS Could Allow for Remote Code Execution

A buffer-overflow vulnerability (CVE-2026-0300) in the PAN-OS User-ID Authentication Portal (Captive Portal) can allow an unauthenticated remote attacker to achieve arbitrary code execution with root privileges on PA‑Series and VM‑Series firewalls. No patch was available at the time of the advisory; Palo Alto recommends restricting portal access to trusted zones or disabling the portal until a patch is released.