Fortra is actively researching a critical vulnerability, CVE-2026-0300, that could allow attackers to execute arbitrary code with root privileges on affected Palo Alto Networks PAN-OS devices. CVE-2026-0300 is an unauthenticated, user-initiated buffer overflow vulnerability in the PAN-OS User-ID™ Authentication Portal service.
Who is affected?
The following PAN-OS platforms are impacted by this vulnerability:
PAN-OS 12.1
- before 12.1.4-h5
- before 12.1.7
PAN-OS 11.2
- before 11.2.4-h17
- before 11.2.7-h13
- before 11.2.10-h6
- before 11.2.12
PAN-OS 11.1
- before 11.1.4-h33
- before 11.1.6-h32
- before 11.1.7-h6
- before 11.1.10-h25
- before 11.1.13-h5
- before 11.1.15
PAN-OS 10.2
- before 10.2.7-h34
- before 10.2.10-h36
- before 10.2.13-h21
- before 10.2.16-h7
- before 10.2.18-h6
What can I do?
Customers should upgrade affected devices to the following fixed versions (or later) when available:
PAN-OS 12.1
- 12.1.4-h5 (ETA: 05/13)
- 12.1.7 (ETA: 05/28)
PAN-OS 11.2
- 11.2.4-h17 (ETA: 05/28)
- 11.2.7-h13 (ETA: 05/13)
- 11.2.10-h6 (ETA: 05/13)
- 11.2.12 (ETA: 05/28)
PAN-OS 11.1
- 11.1.4-h33 (ETA: 05/13)
- 11.1.6-h32 (ETA: 05/13)
- 11.1.7-h6 (ETA: 05/28)
- 11.1.10-h25 (ETA: 05/13)
- 11.1.13-h5 (ETA: 05/13)
- 11.1.15 (ETA: 05/28)
PAN-OS 10.2
- 10.2.7-h34 (ETA: 05/28)
- 10.2.10-h36 (ETA: 05/13)
- 10.2.13-h21 (ETA: 05/28)
- 10.2.16-h7 (ETA: 05/28)
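The two version lists above are easy to misread by hand because PAN-OS fixes land per maintenance release (the -hN hotfix trains) as well as in later full releases. The following checker is an added example, not code from Fortra or Palo Alto Networks: it encodes the "before X" thresholds exactly as the "Who is affected?" list gives them and reports whether a running version is affected, fixed, or on a train the advisory does not name. It assumes the version formats used on this page (MAJOR.MINOR.PATCH and MAJOR.MINOR.PATCH-hN) and the reading that a hotfix threshold such as 11.2.4-h17 covers only its own 11.2.4 release, while a hotfix-free threshold such as 11.2.12 covers that release and everything later in the train. The device inventory is constructed sample data.

```python
import re
from typing import NamedTuple

# "Before" thresholds copied from the advisory's "Who is affected?" list.
# Any version in a listed train that does not reach one of these is affected.
ADVISORY_THRESHOLDS = {
    "12.1": ["12.1.4-h5", "12.1.7"],
    "11.2": ["11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12"],
    "11.1": ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6", "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    "10.2": ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21", "10.2.16-h7", "10.2.18-h6"],
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanosVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    hotfix: int  # 0 when the release carries no -hN suffix

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_version(text: str) -> PanosVersion:
    """Parse 'MAJOR.MINOR.PATCH' or 'MAJOR.MINOR.PATCH-hN'; reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return PanosVersion(int(major), int(minor), int(patch), int(hotfix or 0))


def _meets_threshold(v: PanosVersion, t: PanosVersion) -> bool:
    """True if v is at or past fix threshold t (same train assumed by the caller).

    Assumption about the page's "before X" wording: a hotfix threshold like
    11.2.4-h17 covers only its own maintenance release (11.2.4-h17 and later
    11.2.4 hotfixes); a threshold without a hotfix like 11.2.12 covers that
    release and every later release of the train.
    """
    if t.hotfix:
        return v.patch == t.patch and v.hotfix >= t.hotfix
    return v.patch >= t.patch


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'not_listed' for one running PAN-OS version."""
    v = parse_version(version_text)
    thresholds = ADVISORY_THRESHOLDS.get(v.train)
    if thresholds is None:
        # Train not named by the advisory: report it, do not assume safe or affected.
        return "not_listed"
    if any(_meets_threshold(v, parse_version(t)) for t in thresholds):
        return "fixed"
    # Note: the page lists no hotfix-free fix for 10.2, so a 10.2 release beyond
    # the listed maintenance trains (e.g. 10.2.19) is flagged conservatively.
    return "affected"


# Constructed sample inventory (hostname, reported sw-version); not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "11.2.4-h3"),
    ("fw-edge-02", "11.2.4-h17"),
    ("fw-dc-01", "11.1.5"),
    ("fw-dc-02", "11.1.15"),
    ("fw-lab-01", "10.2.19"),
    ("fw-branch-07", "12.2.1"),
]


def triage(inventory):
    """Group hosts by assessment so affected devices can be scheduled for upgrade."""
    report = {"affected": [], "fixed": [], "not_listed": []}
    for host, ver in inventory:
        report[assess(ver)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Feed `triage` the `sw-version` value each firewall reports and treat every host in the `affected` bucket as an upgrade candidate; hosts in `not_listed` need a manual check against the vendor advisory rather than being marked safe.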
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
