<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.gmail-wnfdntf, li.gmail-wnfdntf, div.gmail-wnfdntf
{mso-style-name:gmail-wnfdntf;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:954599859;
mso-list-template-ids:-1585435446;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1600411078;
mso-list-template-ids:-1819007096;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Disruptors,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">If your agency uses Palo Alto devices, this advisory is worth reviewing. The recent CISA security advisory can be found here
<a href="https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog">
https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog</a> -- Below is a message from Palo Alto on the matter.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Kevin Galusha, CISSP</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Cybersecurity Architect</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Clackamas County Technology Services</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">(503)723-4960</span><o:p></o:p></p>
<p class="MsoNormal"><u><span style="font-family:"Arial",sans-serif;color:#0563C1"><a href="mailto:KGalusha@clackamas.us"><span style="color:#0563C1">KGalusha@clackamas.us</span></a></span></u><o:p></o:p></p>
<p class="MsoNormal"><u><span style="font-family:"Arial",sans-serif;color:#0563C1"><a href="http://www.clackamas.us/"><span style="color:#0563C1">www.clackamas.us</span></a></span></u><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <span style="font-size:11.0pt"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Jan Frey <jfrey@paloaltonetworks.com>
<br>
<b>Sent:</b> Wednesday, May 6, 2026 12:28 PM<br>
<b>To:</b> Julian Santiago <jusantiago@paloaltonetworks.com><br>
<b>Subject:</b> Important Security Update: Action Required for PAN-OS (CVE-2026-0300)<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:double #F15D22 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<div>
<p class="MsoNormal" style="background:white"><b><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:black;background:white">Warning: External email. Be cautious opening attachments and links.<o:p></o:p></span></b></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<strong><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black;background:white">
<hr size="2" width="100%" align="center">
</span></strong></div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><o:p> </o:p></p>
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div>
<div>
<p class="gmail-wnfdntf">Hi all,<o:p></o:p></p>
<p class="gmail-wnfdntf">Hope you`re doing great.<o:p></o:p></p>
<p class="gmail-wnfdntf">I`m writing to share an important security update regarding a critical vulnerability (CVE-2026-0300) we just published.<o:p></o:p></p>
<p class="gmail-wnfdntf">We detected an unauthenticated user-initiated buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) of PAN-OS. If exploited, it could allow an attacker to execute arbitrary code with root privileges on
PA-Series and VM-Series firewalls.<o:p></o:p></p>
<p class="gmail-wnfdntf">Just FYI, Prisma Access, Cloud NGFW, and Panorama appliances are not impacted by this.<o:p></o:p></p>
<p class="gmail-wnfdntf">The affected PAN-OS versions include:<o:p></o:p></p>
<ul type="disc">
<li class="gmail-wnfdntf" style="mso-list:l0 level1 lfo1">PAN-OS 12.1 (< 12.1.4-h5 and < 12.1.7)<o:p></o:p></li><li class="gmail-wnfdntf" style="mso-list:l0 level1 lfo1">PAN-OS 11.2 (< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12)<o:p></o:p></li><li class="gmail-wnfdntf" style="mso-list:l0 level1 lfo1">PAN-OS 11.1 (< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15)<o:p></o:p></li><li class="gmail-wnfdntf" style="mso-list:l0 level1 lfo1">PAN-OS 10.2 (< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6)<o:p></o:p></li></ul>
<p class="gmail-wnfdntf">Here is what you need to do immediately to mitigate the risk:<o:p></o:p></p>
<ul type="disc">
<li class="gmail-wnfdntf" style="mso-list:l1 level1 lfo2">Restrict your User-ID Authentication Portal access to only trusted internal IP zones.<o:p></o:p></li><li class="gmail-wnfdntf" style="mso-list:l1 level1 lfo2">Please don`t expose it to the public internet.<o:p></o:p></li><li class="gmail-wnfdntf" style="mso-list:l1 level1 lfo2">Alternatively, disable the User-ID Authentication Portal if you don`t require it.<o:p></o:p></li></ul>
<p class="gmail-wnfdntf">If you want to check if your environment was targeted: please make sure you have the latest Threat Prevention content update applied (available for PAN-OS 11.1 and above) and check your Threat logs for any signature matches. It`s also
worth reviewing your system logs for any unexpected crashes or anomalous activity related to the Captive Portal.<o:p></o:p></p>
<p class="gmail-wnfdntf">We`re rolling out fixes in upcoming PAN-OS releases. Depending on your specific version branch, patches are expected to be available on either 05/13 or 05/28.<o:p></o:p></p>
<p class="gmail-wnfdntf">You can read the full advisory and keep track of the ETAs here:
<a href="https://security.paloaltonetworks.com/CVE-2026-0300" target="_blank">
https://security.paloaltonetworks.com/CVE-2026-0300</a><o:p></o:p></p>
<p class="gmail-wnfdntf">Please review your configs and let me know if you need any help implementing the workarounds or have any other questions.<o:p></o:p></p>
<p class="gmail-wnfdntf">Thx,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p style="margin:0in"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#6C6C6C">Jan Frey | Solutions Consultant, SLED</span></b><span style="color:#888888"><o:p></o:p></span></p>
<p style="margin:0in"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#6C6C6C">Palo Alto Networks<b> | </b>3000 Tannery Way<b> | </b>Santa Clara, CA 95054<b> | </b>USA</span><span style="color:#888888"><o:p></o:p></span></p>
<p style="margin:0in"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#6C6C6C">Mobile:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#6C6C6C"> 503.519.7538 <b>|</b> </span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:blue">www.</span><span style="color:#888888"><a href="https://www.paloaltonetworks.com/" target="_blank"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#0000E9">paloaltonetworks.com</span></a><o:p></o:p></span></p>
<p style="margin:0in"><span style="color:#888888"><br>
</span><a href="https://www.paloaltonetworks.com/" target="_blank"><span style="font-family:"Cambria",serif;color:#1155CC;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><img border="0" width="66" height="32" style="width:.6875in;height:.3333in" id="_x0000_i1030" src="https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=BK1eoXk3QlYnnnrWH%2BenG3DSzdU%2F9Q930Rx5YV7jVwNiyCtBZawqki8Js5RL%2FPoKCN52bkW%2FMjELOm6a9Y1VpvReoKWapbB7mQfElhAsP7uIWTTxU4oCtMObBFrZJfTpfzlQIVjYYxJ6hyvfO2P1GVzhn1x83%2FyHK1vtctHGYjyoFwgNVfVk75YCL8nPWxRCd7Xb5b4%2FhuNXRvyftYueyX9Nw2Nv2ncfXYcXKQ1ASzr589LS5KSL4A0bcWamQ%2B47aVwnssxgUk7poX9iXtfPc4S7bgJk7C8hC%2FOBMj47J00pYPK1jNeCyUfNW8wTv6NLb2yByr7ZSG1rnUObTU%2FmYd1wvdIFnsZPeJ6PCCywRVnp27ZMvSK3CHUtJZ5xo%2FHXfm5MBMmKponRTuOM8lgQOtCoCZrCdmaKitIt%2FRDXsB4VEBY9zwPWS6rFToXtBYK2c%2FpNVBO5w5EMIoq0tUroQY6tzBA8xI1iz0Q%3D"></span></a><span style="font-family:"Cambria",serif;color:black">
</span><a href="https://www.linkedin.com/company/palo-alto-networks" target="_blank"><span style="font-family:"Cambria",serif;color:#1155CC;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><img border="0" width="31" height="58" style="width:.3229in;height:.6041in" id="_x0000_i1029" src="https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=LQ69z%2Bzm6MNWZEkD2eN6d1lmGkU0eyLBJ2rSxI37NpnUTwXJCW%2Ff3pL1WR1PQx9MbPmVETPNJ%2F63AJ%2BNwlhArBVl9uYa%2BOHd3FOoY5lXhjDsAwqOJwfGlTDfZmggxt04DKNVdlFKe9WqDJfSpBImV2ZI0u6nUrMswLw2mbm2zLecD%2FU5EIRBp6NWYzMNXEphwVKGQjiOqqTXsTVBr0BtsDWm7%2Ftr6wumHjJEJmvIji%2FbDghXAETZ%2FLI4LfHJvUnEzlnLQEBzp7dmWVLymaBZ7yBCtvqjNIFK6p0doLSkDF0yM3YWHhEhnPPEKXH4ySyqZXyuUpPIh%2FWUPnrhLwzB8Vo9SVNP0%2FNVFXow16p4u%2B5fAwgt8eS4ofCbLhVlJrpUT7Uk0jiH5V40zbadLJorSDwzlDhsG2Hm5tgmD4ZoUkVsBxP6vri%2BPUuFJglF4C8j76%2FCXoiA5DelcJy0bdEm1LK9S%2FEOrhqwEgk%3D"></span></a><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"> </span><a href="https://www.facebook.com/PaloAltoNetworks/" target="_blank"><span style="font-family:"Cambria",serif;color:#1155CC;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><img border="0" width="31" height="58" style="width:.3229in;height:.6041in" id="_x0000_i1028" src="https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=6vLmX3NkD%2F3yvYf58egJEtnLgZtAMblu2nPCnrXCEtx%2Bi3SDfVIvB01Dmxe9NyGSXEXOWH%2B58tmOcFvb4TQHT2ISpksQYn86dSTOFDN8IPh8OawdcuE3rk6ZHXbQKbPx0EtHYOYO8zaz6MXZjWNgTuAF4%2Fx0Dovbl%2BKmX4NWkTgJOxorHyu%2FZtC1TSxqCmKlzLLz78jv9XABvAhvnzVV6tVba88Gu%2Fwbz9YKv25N2Iy5%2B9pZ%2BySk%2BaRZwwweIO%2B79KwwKvyj5iWD22qCM15PmpvVDk2TgxF308HeccmSrOBh1O%2F4hCoBpv7Vi2Wb2ofvmtFMOWs0Egr%2FpE6KrZeLCAoXO%2BdEW5y0y5Dm1Mf8sQNREuBBrw2VTfDcwjv4fqGzaANa962YbNVeOr2TlnbR60R3cK8Qs8z5o8HNNrKuw%2Bl76VJqAYbE%2BbRJ513z8qLoysVIIiM5K7xYXdtjgr0dTHzBuWXyv5U9eUA%3D"></span></a><span style="font-family:"Cambria",serif;color:black"> </span><a href="https://twitter.com/PaloAltoNtwks" target="_blank"><span style="font-family:"Cambria",serif;color:#1155CC;border:none windowtext 1.0pt;padding:0in;text-decoration:none"><img border="0" width="31" height="58" style="width:.3229in;height:.6041in" id="_x0000_i1027" src="https://image-tracking-service.us-1.mimecastcybergraph.com/v1/image?imageData=NRa4HAoFLii5FG6BvNh6jY0LKSitEtuB2KfFPw3Teeawjiw0uraqEKF17mG4LyLXM7HyImBglKtKOG%2FQyUbdXc%2FhvnCEMElS%2F%2BY95COriY%2FNj7ciOtaDrXNhPIjQAa8nY8Vu6dg%2F1fyB34Mmtt6RzwwkC%2Fiplc9zEucDgwViEk4rnRZt8zTakosrBcOLkGNJFbIFfrf4UXx8u93eUXrSINIX5X0GrdBtMjzgJPnlTwSvb7ibIuSz1KCnDv4oXkHVnaLFbL5LAl5tutaRTxJs745bKWgXW62eIIKPR95Kktnulu8U6MAXhDT9USC4vqSXCL%2FRiJe%2F4hBNA0kCjOQ1HnRxuj2ik03qMLs0riUP2UCncjUtc8kZYj44DLKrPhsiZjLb0nYWhTnn2Vx%2FSEIxo4rJnDB4fZMEgJb9FyhvXOiXY0NWtIj%2FOJH9pjcK6GWNmLiUxRiVI%2FY4E4AT8IT5SVwJGe3Lm%2Fj7dZ8%3D"></span></a><span style="color:#888888"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>