Palo Alto Security Update – 06 May 2026

Palo Alto Networks has released a security update to address a critical vulnerability affecting Palo Alto PAN-OS versions 12.1, 11.2, 11.1, and 10.2.

The addressed vulnerability could allow a remote attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.

The addressed vulnerability:

PAN-OS: Unauthenticated User-Initiated Buffer Overflow Vulnerability in User-ID Authentication Portal (CVE-2026-0300):

  • CVSS: 9.3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

It should be highlighted that Palo Alto Networks is aware that the vulnerability CVE-2026-0300 is being exploited in the wild.

Vulnerabilities

CVE-2026-0300

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Palo Alto Security Advisory

References