CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls
ID: 4c8c9677-b76b-5c5c-a94d-06076950edd5
STIX ID: report--4c8c9677-b76b-5c5c-a94d-06076950edd5
Feed Name: SOC Prime Blog
**Executive summary:** CVE-2026-0300 is a critical (CVSS 9.3) buffer overflow in Palo Alto PAN-OS User-ID Authentication (Captive Portal). It enables unauthenticated remote code execution as root on PA-Series and VM-Series firewalls when the portal is enabled and reachable from untrusted networks. Limited active exploitation has been observed, so organizations should restrict or disable portal access, narrow allowed source IP ranges, and prioritize applying Palo Alto's fixes.
