Palo Alto PAN-OS RCE Zero-Day CVE-2026-0300 Actively Exploited

CVE-2026-0300 is a critical unauthenticated buffer overflow in the PAN-OS User-ID Authentication Portal, carrying a CVSS score of 9.3 and enabling remote code execution on PA-Series and VM-Series firewalls. Palo Alto Networks confirmed the vulnerability is being actively exploited in the wild.

No patch was available at the time of initial disclosure. Palo Alto’s recommended interim mitigation is to disable internet-facing access to the User-ID Authentication Portal and Captive Portal. Organizations with these services internet-exposed should treat this as an emergency until patches are available. Monitor for unexpected process execution or outbound connections from firewall management interfaces.