[CDP-development] Palo Alto Security Advisory

Galusha, Kevin KGalusha at clackamas.us
Wed May 6 12:43:56 PDT 2026 

Disruptors,

If your agency uses Palo Alto devices, this advisory is worth reviewing.  The recent CISA security advisory can be found here https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog --  Below is a message from Palo Alto on the matter.


Thanks,

Kevin Galusha, CISSP
Cybersecurity Architect
Clackamas County Technology Services
(503)723-4960
KGalusha at clackamas.us<mailto:KGalusha at clackamas.us>
www.clackamas.us<http://www.clackamas.us/>

From: Jan Frey <jfrey at paloaltonetworks.com>
Sent: Wednesday, May 6, 2026 12:28 PM
To: Julian Santiago <jusantiago at paloaltonetworks.com>
Subject: Important Security Update: Action Required for PAN-OS (CVE-2026-0300)

Warning: External email. Be cautious opening attachments and links.
________________________________

________________________________
Hi all,Hope you`re doing great.I`m writing to share an important security update regarding a critical vulnerability (CVE-2026-0300) we just published.We detected an unauthenticated user-initiated buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) of PAN-OS. If exploi
<https://login-us.mimecast.com/u/login/?gta=apps&link=cybergraph-report/eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.L8v7OH9Kp2axy-DCiSavtNfgTeSTqpHsE6FBuetVTFQlrHjqS5djxUL8VIFsQgvXYHKcCUyanp0Y2dJwsQqUhZJRiUQs2gakgsxuzAxPuo-HiWSNUnT5YSx0SUHgeMCwW49nUn4pSM2Z2QATXWwPuSho1TLzhOEUp_WixrfgBVm5EBlwtNutE-I3AqCMcM5ObcaJFkXbMZwnW3WWkMP3YhYoSHgSBhi2eWrw1GeaFGn240wdxI3K1j-cPZqNmIP26HXaOvN_45mOm1SeCvtpMfQlQ0uqzFCxwDojgNaYxAwFdHeIGWTNSxQyaxBXH8jfjYwDtT_Q_4hmxk9GIsKehw.wJ_BoVGlLpTkMvs7.MeGGPkEbME7oZIeYWSHUOQOnDwWC2-3rTmS0FxeDiawTFso027rwXK6AsgWzbTyAAo6Msq0lC6Qe6pMULjxK82CtIIw-HaTu3zmMXBjaktrreplE2R6Z6iBJjiDySh5U409ocyt0v3i_XHxhMngD7ck6rK4EgCSs0EwiPiYCXHdjomiwqQusT0vJQWqvLBEJ7imFigcmOoD5GK3Q4xz7SqXzLnAYUwuRQIY2hKeXnVhcvZDvLhJ1xPOA1uyk5LmsRmvdX0d0yw8RomqETtINoVKAzi-XK18xAzD9UCatBUK2uKOXt3gxxRxfl6yZhfmis8HlKHMfEkIEOc9XaHw3xEmOIjqkazmoBSZhfsXnBgCrjUKvLR6afoXDoAV4ENUy5M76xfupXccTBvQ1aAiRqcn8KS0MwMnH7RuxojhL-NW8IjYgOnte-PRwvgZfJhi_uXp9trQxH62v4E0p65ZS-wFwpnf0YVuVwA7Vx37oUPGVmhQvOJqAz8o7PH1VT0iO2HsX.xlWLh1UJl2yIZPSKN2HTQA>
CGBANNERINDICATOR

Hi all,

Hope you`re doing great.

I`m writing to share an important security update regarding a critical vulnerability (CVE-2026-0300) we just published.

We detected an unauthenticated user-initiated buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) of PAN-OS. If exploited, it could allow an attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls.

Just FYI, Prisma Access, Cloud NGFW, and Panorama appliances are not impacted by this.

The affected PAN-OS versions include:

  *   PAN-OS 12.1 (< 12.1.4-h5 and < 12.1.7)
  *   PAN-OS 11.2 (< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12)
  *   PAN-OS 11.1 (< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15)
  *   PAN-OS 10.2 (< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6)

Here is what you need to do immediately to mitigate the risk:

  *   Restrict your User-ID Authentication Portal access to only trusted internal IP zones.
  *   Please don`t expose it to the public internet.
  *   Alternatively, disable the User-ID Authentication Portal if you don`t require it.

If you want to check if your environment was targeted: please make sure you have the latest Threat Prevention content update applied (available for PAN-OS 11.1 and above) and check your Threat logs for any signature matches. It`s also worth reviewing your system logs for any unexpected crashes or anomalous activity related to the Captive Portal.

We`re rolling out fixes in upcoming PAN-OS releases. Depending on your specific version branch, patches are expected to be available on either 05/13 or 05/28.

You can read the full advisory and keep track of the ETAs here: https://security.paloaltonetworks.com/CVE-2026-0300<https://security.paloaltonetworks.com/CVE-2026-0300>

Please review your configs and let me know if you need any help implementing the workarounds or have any other questions.

Thx,


Jan Frey  |  Solutions Consultant, SLED

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Mobile: 503.519.7538  | www.paloaltonetworks.com<https://www.paloaltonetworks.com/>

[https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=BK1eoXk3QlYnnnrWH%2BenG3DSzdU%2F9Q930Rx5YV7jVwNiyCtBZawqki8Js5RL%2FPoKCN52bkW%2FMjELOm6a9Y1VpvReoKWapbB7mQfElhAsP7uIWTTxU4oCtMObBFrZJfTpfzlQIVjYYxJ6hyvfO2P1GVzhn1x83%2FyHK1vtctHGYjyoFwgNVfVk75YCL8nPWxRCd7Xb5b4%2FhuNXRvyftYueyX9Nw2Nv2ncfXYcXKQ1ASzr589LS5KSL4A0bcWamQ%2B47aVwnssxgUk7poX9iXtfPc4S7bgJk7C8hC%2FOBMj47J00pYPK1jNeCyUfNW8wTv6NLb2yByr7ZSG1rnUObTU%2FmYd1wvdIFnsZPeJ6PCCywRVnp27ZMvSK3CHUtJZ5xo%2FHXfm5MBMmKponRTuOM8lgQOtCoCZrCdmaKitIt%2FRDXsB4VEBY9zwPWS6rFToXtBYK2c%2FpNVBO5w5EMIoq0tUroQY6tzBA8xI1iz0Q%3D]<https://www.paloaltonetworks.com/>     [https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=LQ69z%2Bzm6MNWZEkD2eN6d1lmGkU0eyLBJ2rSxI37NpnUTwXJCW%2Ff3pL1WR1PQx9MbPmVETPNJ%2F63AJ%2BNwlhArBVl9uYa%2BOHd3FOoY5lXhjDsAwqOJwfGlTDfZmggxt04DKNVdlFKe9WqDJfSpBImV2ZI0u6nUrMswLw2mbm2zLecD%2FU5EIRBp6NWYzMNXEphwVKGQjiOqqTXsTVBr0BtsDWm7%2Ftr6wumHjJEJmvIji%2FbDghXAETZ%2FLI4LfHJvUnEzlnLQEBzp7dmWVLymaBZ7yBCtvqjNIFK6p0doLSkDF0yM3YWHhEhnPPEKXH4ySyqZXyuUpPIh%2FWUPnrhLwzB8Vo9SVNP0%2FNVFXow16p4u%2B5fAwgt8eS4ofCbLhVlJrpUT7Uk0jiH5V40zbadLJorSDwzlDhsG2Hm5tgmD4ZoUkVsBxP6vri%2BPUuFJglF4C8j76%2FCXoiA5DelcJy0bdEm1LK9S%2FEOrhqwEgk%3D] <https://www.linkedin.com/company/palo-alto-networks>  [https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=6vLmX3NkD%2F3yvYf58egJEtnLgZtAMblu2nPCnrXCEtx%2Bi3SDfVIvB01Dmxe9NyGSXEXOWH%2B58tmOcFvb4TQHT2ISpksQYn86dSTOFDN8IPh8OawdcuE3rk6ZHXbQKbPx0EtHYOYO8zaz6MXZjWNgTuAF4%2Fx0Dovbl%2BKmX4NWkTgJOxorHyu%2FZtC1TSxqCmKlzLLz78jv9XABvAhvnzVV6tVba88Gu%2Fwbz9YKv25N2Iy5%2B9pZ%2BySk%2BaRZwwweIO%2B79KwwKvyj5iWD22qCM15PmpvVDk2TgxF308HeccmSrOBh1O%2F4hCoBpv7Vi2Wb2ofvmtFMOWs0Egr%2FpE6KrZeLCAoXO%2BdEW5y0y5Dm1Mf8sQNREuBBrw2VTfDcwjv4fqGzaANa962YbNVeOr2TlnbR60R3cK8Qs8z5o8HNNrKuw%2Bl76VJqAYbE%2BbRJ513z8qLoysVIIiM5K7xYXdtjgr0dTHzBuWXyv5U9eUA%3D] <https://www.facebook.com/PaloAltoNetworks/>  [https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=NRa4HAoFLii5FG6BvNh6jY0LKSitEtuB2KfFPw3Teeawjiw0uraqEKF17mG4LyLXM7HyImBglKtKOG%2FQyUbdXc%2FhvnCEMElS%2F%2BY95COriY%2FNj7ciOtaDrXNhPIjQAa8nY8Vu6dg%2F1fyB34Mmtt6RzwwkC%2Fiplc9zEucDgwViEk4rnRZt8zTakosrBcOLkGNJFbIFfrf4UXx8u93eUXrSINIX5X0GrdBtMjzgJPnlTwSvb7ibIuSz1KCnDv4oXkHVnaLFbL5LAl5tutaRTxJs745bKWgXW62eIIKPR95Kktnulu8U6MAXhDT9USC4vqSXCL%2FRiJe%2F4hBNA0kCjOQ1HnRxuj2ik03qMLs0riUP2UCncjUtc8kZYj44DLKrPhsiZjLb0nYWhTnn2Vx%2FSEIxo4rJnDB4fZMEgJb9FyhvXOiXY0NWtIj%2FOJH9pjcK6GWNmLiUxRiVI%2FY4E4AT8IT5SVwJGe3Lm%2Fj7dZ8%3D] <https://twitter.com/PaloAltoNtwks>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260506/e12de24b/attachment-0001.html>

More information about the CDP-development mailing list