Palo Alto PAN-OS Remote Code Execution Vulnerability
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in Palo Alto PAN-OS. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2026-0300 is being exploited in scattered attacks. The User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.
Impact
- Remote Code Execution
System / Technologies affected
- PAN-OS 10.2 versions earlier than PAN-OS 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, 10.2.18-h6
- PAN-OS 11.1 versions earlier than PAN-OS 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, 11.1.15
- PAN-OS 11.2 versions earlier than PAN-OS 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, 11.2.12
- PAN-OS 12.1 versions earlier than PAN-OS 12.1.4-h5, 12.1.7
Solutions
Before installing the software, please visit the vendor website for more details.
- Apply fixes issued by the vendor
- For details, please refer to the link below:
https://security.paloaltonetworks.com/CVE-2026-0300