Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

Published on 06-May-2026
Updated:
19-May-2026
Status:
 
Active
CVEs:
CVE-2026-0300

Fortra is actively researching a critical vulnerability, CVE-2026-0300, that could allow attackers to execute arbitrary code with root privileges on affected Palo Alto Networks PAN-OS devices. CVE-2026-0300 is an unauthenticated user initiated buffer overflow vulnerability in the PAN-OS User-ID™ Authentication Portal service. 

Who is affected?

The following PAN-OS platforms are impacted by this vulnerability:

PAN-OS 12.1

  • before 12.1.4-h5
  • before 12.1.7

PAN-OS 11.2

  • before 11.2.4-h17
  • before 11.2.7-h13
  • before 11.2.10-h6
  • before 11.2.12

PAN-OS 11.1

  • before 11.1.4-h33
  • before 11.1.6-h32
  • before 11.1.7-h6
  • before 11.1.10-h25
  • before 11.1.13-h5
  • before 11.1.15

PAN-OS 10.2

  • before 10.2.7-h34
  • before 10.2.10-h36
  • before 10.2.13-h21
  • before 10.2.16-h7
  • before 10.2.18-h6

What can I do?

Customers should upgrade affected devices to the following fixed versions (or later) when available:

PAN-OS 12.1

  • 12.1.4-h5 (ETA: 05/13)
  • 12.1.7 (ETA: 05/28)

PAN-OS 11.2

  • 11.2.4-h17 (ETA: 05/28)
  • 11.2.7-h13 (ETA: 05/13)
  • 11.2.10-h6 (ETA: 05/13)
  • 11.2.12 (ETA: 05/28)

PAN-OS 11.1

  • 11.1.4-h33 (ETA: 05/13)
  • 11.1.6-h32 (ETA: 05/13)
  • 11.1.7-h6 (ETA: 05/28)
  • 11.1.10-h25 (ETA: 05/13)
  • 11.1.13-h5 (ETA: 05/13)
  • 11.1.15 (ETA: 05/28)

PAN-OS 10.2

  • 10.2.7-h34 (ETA: 05/28)
  • 10.2.10-h36 (ETA: 05/13)
  • 10.2.13-h21 (ETA: 05/28)
  • 10.2.16-h7 (ETA: 05/28)

References

How is Fortra helping me?

Fortra is actively researching this threat to build detection capabilities in addition to those listed below. 

  • Tripwire IP360: Fortra released IP360 remote scan coverage on May 14, 2026, to help customers identify vulnerable instances. IP360 flags detected vulnerabilities under Vulnerability ID 844510 for CVE-2026-0300.
  • Fusion VM: Fortra released the authenticated FusionVM tool on April 15, 2026, to identify systems affected by ExposureID 364222.

Updates

Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.

05/14/2026: IP360 released remote scan coverage to detect CVE-2026-0300 under Vulnerability ID 844510.

04/15/2026: FusionVM released an authenticated tool to detect ExposureID 364222.

Recent Emerging Threats
:
Oracle PeopleSoft PeopleTools Zero-day Vulnerability
:
Critical vulnerability affecting Cisco Catalyst SD-WAN
:
React Server Component Remote Code Execution Vulnerability
:
FortiWeb UI Path Traversal Vulnerability
:
Oracle Concurrent Processing
Security Alerts in Your Inbox. We will watch for emerging threats; you can watch for our email.