CVE-2026-0300 Enables Root RCE in PAN-OS Captive Portal
ID: 23120b36-54c8-5be1-9200-ab6439a52aa9
STIX ID: report--23120b36-54c8-5be1-9200-ab6439a52aa9
Feed Name: SOCRadar Blog
**CVE-2026-0300:** A critical (CVSS 9.3) pre-authentication buffer overflow in PAN-OS User-ID Authentication Portal (Captive Portal) can allow unauthenticated attackers to achieve root RCE on PA-Series and VM-Series firewalls when the portal is enabled and reachable from untrusted networks; limited exploitation has been observed. Mitigations: restrict or disable the Authentication Portal, apply available Threat Prevention signatures, and upgrade to fixed PAN-OS releases listed in the advisory.
