- Severity: CVSS 4.0 9.3 (Critical)
- Affected: PA-Series and VM-Series firewalls · PAN-OS 10.2, 11.1, 11.2, 12.1
- Patched: Rolling out May 13–28, 2026 · Exploitation: Confirmed in the wild
Introduction
Palo Alto Networks published the advisory for CVE-2026-0300 on May 5, 2026, alongside a Threat Prevention signature for PAN-OS 11.1 and above. By then, exploitation had already been observed against internet-exposed Authentication Portals.
The vulnerability is an out-of-bounds write (CWE-787) in the User-ID™ Authentication Portal service, also known as the Captive Portal. It only triggers when two conditions are true: the portal is enabled, and it’s reachable from an untrusted or public network. If your portal is locked down to internal IPs, your risk drops considerably. If it’s internet-facing, you’re a target right now.
Prisma Access, Cloud NGFW, and Panorama are not affected.
What Happened
The Captive Portal service in PAN-OS handles the authentication flow for users connecting through the firewall: it is the page that prompts users to sign in before they are granted network access. A buffer in this service can be overflowed by specially crafted packets, triggering an out-of-bounds write that corrupts adjacent memory.
When exploited successfully, the attacker achieves arbitrary code execution with root privileges on the firewall, no prior authentication needed, no interaction from any user on the device. The attack is automatable and fully remote.
Palo Alto has confirmed the exploit maturity as ATTACKED, meaning limited exploitation was already underway at the time of disclosure.
Fig 1: Exploit Chain Overview
Attack Sequence
When the Authentication Portal is exposed to the internet, the attack path is direct.
An attacker sends a crafted HTTP packet to the Captive Portal endpoint. The malformed payload overflows a buffer in the portal service process, triggering the out-of-bounds write. From there, control flow is hijacked and the attacker’s code runs in the PAN-OS context with uid=0. At that point the firewall is theirs.
What happens next is the part that should keep network operators up at night. A compromised perimeter firewall at root level is the master key to the network behind it.
Fig 2: Attack Sequence
Why This Is Especially Dangerous
This isn’t just a firewall compromise in isolation. Perimeter devices are trusted by everything behind them. Gaining root on a PA-Series firewall means an attacker can:
- Intercept all traffic passing through the device, including plaintext credentials, session tokens, and internal communications
- Modify security policies and NAT rules to open inbound access deeper into the network
- Harvest VPN credentials and User-ID authentication material directly from the service that was exploited
- Move laterally across the internal network while the firewall itself masks malicious traffic
- Establish persistence through modified configurations or implants that survive reboots
A compromised perimeter device auditing its own logs is not an auditor you can trust. Treat any internet-exposed Authentication Portal as a potential compromise candidate until you’ve confirmed otherwise.
Affected Versions
| PAN-OS Branch | Vulnerable Versions | Fix Available |
|---|---|---|
| 12.1 | < 12.1.4-h5 | >= 12.1.4-h5 (ETA: 05/13) |
| 12.1 | < 12.1.7 | >= 12.1.7 (ETA: 05/28) |
| 11.2 | < 11.2.4-h17 | >= 11.2.4-h17 (ETA: 05/28) |
| 11.2 | < 11.2.7-h13 | >= 11.2.7-h13 (ETA: 05/13) |
| 11.2 | < 11.2.10-h6 | >= 11.2.10-h6 (ETA: 05/13) |
| 11.2 | < 11.2.12 | >= 11.2.12 (ETA: 05/28) |
| 11.1 | < 11.1.4-h33 | >= 11.1.4-h33 (ETA: 05/13) |
| 11.1 | < 11.1.6-h32 | >= 11.1.6-h32 (ETA: 05/13) |
| 11.1 | < 11.1.7-h6 | >= 11.1.7-h6 (ETA: 05/28) |
| 11.1 | < 11.1.10-h25 | >= 11.1.10-h25 (ETA: 05/13) |
| 11.1 | < 11.1.13-h5 | >= 11.1.13-h5 (ETA: 05/13) |
| 11.1 | < 11.1.15 | >= 11.1.15 (ETA: 05/28) |
| 10.2 | < 10.2.7-h34 | >= 10.2.7-h34 (ETA: 05/28) |
| 10.2 | < 10.2.10-h36 | >= 10.2.10-h36 (ETA: 05/13) |
| 10.2 | < 10.2.13-h21 | >= 10.2.13-h21 (ETA: 05/28) |
| 10.2 | < 10.2.16-h7 | >= 10.2.16-h7 (ETA: 05/28) |
| 10.2 | < 10.2.18-h6 | >= 10.2.18-h6 (ETA: 05/13) |
Cloud NGFW, Prisma Access, and Panorama are not affected. All version data come from Palo Alto’s official advisory.
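To triage a fleet against the table above, here is an added example (not Palo Alto’s code and not part of the advisory) that applies the table’s ranges to PAN-OS version strings. It assumes the usual reading of the advisory notation: within a branch, each `X.Y.Z-hN` entry means the X.Y.Z maintenance line is fixed from hotfix N onward, and any maintenance release later than the last entry is fixed; the hostnames and versions in the inventory are constructed.

```python
import re
from typing import Dict, Tuple

# Fix versions per PAN-OS branch, copied from the advisory table above.
# Assumed reading (the usual Palo Alto convention): within a branch, each
# entry X.Y.Z-hN means the X.Y.Z maintenance line is fixed from hotfix N on,
# and any maintenance release later than the last entry is fixed.
FIXES = {
    (12, 1): ["12.1.4-h5", "12.1.7"],
    (11, 2): ["11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12"],
    (11, 1): ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6",
              "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    (10, 2): ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21",
              "10.2.16-h7", "10.2.18-h6"],
}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version: str) -> Tuple[int, int, int, int]:
    """Split 'major.minor.patch[-hN]' into ints; no hotfix suffix counts as h0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)

def status(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'not-listed' for one PAN-OS version."""
    major, minor, patch, hotfix = parse(version)
    fixes = FIXES.get((major, minor))
    if fixes is None:
        return "not-listed"        # branch absent from the advisory table
    parsed = [parse(f) for f in fixes]
    if patch > max(p for _, _, p, _ in parsed):
        return "fixed"             # later than the last listed maintenance release
    for _, _, fix_patch, fix_hotfix in parsed:
        if fix_patch == patch and hotfix >= fix_hotfix:
            return "fixed"         # same maintenance line, at or past the fixing hotfix
    return "vulnerable"

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a {hostname: version} inventory (constructed below)."""
    return {host: status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    sample = {"fw-edge-01": "11.1.10-h24", "fw-edge-02": "11.1.10-h25",
              "fw-dc-01": "10.2.19", "fw-lab-01": "11.0.3"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

A version that parses but is not in the table (such as a branch the advisory does not list) is reported as `not-listed`, not as safe; check it against the advisory separately.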
Mitigations
Patches are the permanent fix, but they roll out over two weeks. Act now.
1. Restrict Authentication Portal to trusted zones only
Navigate to Device > User Identification > Authentication Portal Settings and ensure the portal is bound to trusted internal zones. It should never be reachable from the internet or untrusted networks.
2. Disable Authentication Portal if not needed
If your organisation doesn’t actively use Captive Portal for user identification, disable it. Navigate to Device > User Identification > Authentication Portal Settings → Enable Authentication Portal and turn it off. The attack surface disappears with it.
3. Enable the Threat Prevention signature (PAN-OS 11.1 and above)
A Threat Prevention content update with a detection signature for this vulnerability shipped on May 5. Ensure it’s applied across all security policies covering internet-facing zones.
4. Patch as soon as your version’s fix is available
Track your version branch against the table above. The earliest fixes land May 13; don’t wait if your branch is covered then. The full schedule is listed in the official Palo Alto advisory.
Indicators of Compromise
No public exploit code or confirmed network-level indicators have been released at the time of writing. Palo Alto has not published specific IP ranges or payload hashes yet. That said, given confirmed active exploitation, the following are worth hunting for.
On the firewall:
- Unexpected processes or child processes spawned from the Authentication Portal service
- Unusual outbound connections from the management or data plane that you didn’t initiate
- Authentication Portal service crashes or unexpected restarts logged around suspicious inbound traffic
In traffic logs:
- Anomalously large or malformed HTTP requests to the Captive Portal endpoint
- High-volume connection attempts to the portal from external IPs, especially automated-looking patterns
- Repeated attempts with unusual user-agent strings or missing standard headers
Configuration integrity:
- Unexpected changes to security policies, NAT rules, or admin accounts
- New administrator accounts or modified credentials you didn’t create
- Changes to log forwarding destinations, a common persistence technique to blind defenders
Until Palo Alto or third-party researchers publish confirmed IoCs, cross-referencing portal traffic anomalies against unexpected firewall behaviour is your best hunting signal. Watch the official advisory for updates as more exploitation details emerge.
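As an added example (not from the advisory or from Palo Alto), the script below runs the traffic-log heuristics listed above over a handful of constructed log rows: oversized requests to the portal, requests with a missing or tooling-style User-Agent, high request volume from one source, and any portal access from a non-trusted zone. The CSV layout, the `/portal/` path prefix and the thresholds are assumptions to map onto your own exported traffic or URL logs.

```python
import csv
import io
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample rows in a simplified CSV layout, not PAN-OS's native log
# schema. Assumed fields: time, src_ip, src_zone, url, bytes_sent, user_agent.
SAMPLE_LOG = """\
time,src_ip,src_zone,url,bytes_sent,user_agent
2026-05-06T01:00:01Z,10.1.5.20,trust,/portal/login,412,Mozilla/5.0 (Windows NT 10.0)
2026-05-06T01:00:03Z,10.1.5.21,trust,/portal/login,398,Mozilla/5.0 (Macintosh)
2026-05-06T01:00:09Z,203.0.113.7,untrust,/portal/login,98211,
2026-05-06T01:00:10Z,203.0.113.7,untrust,/portal/login,97990,python-requests/2.31
2026-05-06T01:00:10Z,203.0.113.7,untrust,/portal/login,98004,python-requests/2.31
2026-05-06T01:00:11Z,203.0.113.7,untrust,/portal/login,98120,python-requests/2.31
2026-05-06T01:00:15Z,198.51.100.9,untrust,/portal/login,455,curl/8.4.0
"""

PORTAL_PREFIX = "/portal/"       # placeholder: substitute your portal's real URL path
MAX_REQUEST_BYTES = 16_384       # assumed threshold; tune to the portal's normal requests
MAX_REQUESTS_PER_SOURCE = 3      # assumed threshold for the window the log covers
TOOL_AGENTS = ("python-requests", "curl/", "go-http-client", "wget/")

def hunt(log_text: str) -> List[Tuple[str, str, str]]:
    """Apply the traffic-log heuristics above; returns (rule, src_ip, detail) tuples."""
    findings, per_source, untrust = [], Counter(), set()
    for row in csv.DictReader(io.StringIO(log_text)):
        if not row["url"].startswith(PORTAL_PREFIX):
            continue                              # only portal traffic is in scope
        ip, ua = row["src_ip"], row["user_agent"].strip()
        per_source[ip] += 1
        if row["src_zone"] != "trust":
            untrust.add((ip, row["src_zone"]))    # portal reached from a non-trusted zone
        if int(row["bytes_sent"]) > MAX_REQUEST_BYTES:
            findings.append(("oversized-request", ip, row["bytes_sent"] + " bytes"))
        if not ua:
            findings.append(("missing-user-agent", ip, row["time"]))
        elif ua.lower().startswith(TOOL_AGENTS):
            findings.append(("tooling-user-agent", ip, ua))
    findings += [("untrust-zone-access", ip, zone) for ip, zone in sorted(untrust)]
    findings += [("high-volume-source", ip, f"{n} requests")
                 for ip, n in per_source.items() if n > MAX_REQUESTS_PER_SOURCE]
    return findings

def suspicious_sources(log_text: str) -> Dict[str, int]:
    """Rank source IPs by how many findings they triggered, noisiest first."""
    return dict(Counter(ip for _, ip, _ in hunt(log_text)).most_common())
```

Any `untrust-zone-access` finding is itself a configuration problem under mitigation 1 above, independent of whether the requests look malicious.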