CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls

CVE-2026-0300 is a critical buffer-overflow vulnerability in Palo Alto PAN-OS’s User-ID Authentication (Captive) Portal that allows unauthenticated attackers to achieve remote code execution as root on PA-Series and VM-Series firewalls when the portal is enabled and reachable from untrusted networks; limited in-the-wild exploitation has been observed, and immediate mitigations include restricting or disabling the portal and applying vendor patches as they become available.