{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0300", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:58.173Z", "datePublished": "2026-05-06T18:57:39.876Z", "dateUpdated": "2026-05-07T03:55:34.043Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-06T22:09:48.796Z"}, "title": "PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID\u2122 Authentication Portal", "datePublic": "2026-05-05T23:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.7", "changes": [{"at": "12.1.7", "status": "unaffected"}, {"at": "12.1.4-h5", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.12", "changes": [{"at": "11.2.12", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.4-h17", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.15", "changes": [{"at": "11.1.15", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.4-h33", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.18-h6", "changes": [{"at": "10.2.18-h6", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.7-h34", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.1.4-h5", "versionStartIncluding": "12.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.1.7", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.4-h17", "versionStartIncluding": "11.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.7-h13", "versionStartIncluding": "11.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.10-h6", "versionStartIncluding": "11.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.12", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.4-h33", "versionStartIncluding": "11.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.6-h32", "versionStartIncluding": "11.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.7-h6", "versionStartIncluding": "11.1.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.10-h25", "versionStartIncluding": "11.1.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.13-h5", "versionStartIncluding": "11.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.15", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.7-h34", "versionStartIncluding": "10.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.10-h36", "versionStartIncluding": "10.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.13-h21", "versionStartIncluding": "10.2.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.16-h7", "versionStartIncluding": "10.2.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.18-h6", "versionStartIncluding": "10.2.18", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \n\nThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. <br><br>The risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\">best practice guidelines</a> by restricting access to only trusted internal IP addresses.<br><br>Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. </p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0300", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "The risk is highest when you configure the User-ID\u2122 Authentication Portal to enable access from the Internet or any untrusted network."}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "ATTACKED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "You can greatly reduce the risk of exploitation by restricting User-ID\u2122 Authentication Portal access to only trusted internal IP addresses and preventing its exposure to the internet."}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "ATTACKED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red"}}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.\n\nCustomers are impacted if both of the following conditions are true:\n\n\n * User-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page. You can verify the configuration by going to Device > User Identification > Authentication Portal Settings -> Enable Authentication Portal (applies to both transparent and redirect modes) and\n * An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network > Interface > Select the interface > Advanced Tab > Create Management Interface Profile.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.<br><br>Customers are impacted if both of the following conditions are true:<br></p><ul><li>User-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page. You can verify the configuration by going to Device &gt; User Identification &gt; Authentication Portal Settings -&gt; Enable Authentication Portal (applies to both transparent and redirect modes) <b>and</b></li><li>An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network &gt; Interface &gt; Select the interface &gt; Advanced Tab &gt; Create Management Interface Profile.<br></li></ul><p></p>"}]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\n * Restrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress. Refer to Step 6 of the following Live Community article (https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286) and Knowledgebase article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC) for steps to restrict access.\n \n * Disable User-ID\u2122 Authentication Portal if not required.\n \n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Customers can mitigate the risk of this issue by taking either of the following actions:<br><ul><li>Restrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress. Refer to Step 6 of the following <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286\">Live Community article</a> and <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\">Knowledgebase article</a> for steps to restrict access.<br></li><li>Disable User-ID\u2122 Authentication Portal if not required.<br></li></ul>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID&nbsp;510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support."}]}], "solutions": [{"lang": "eng", "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.\n\nWe strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.<br><br>We strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below."}]}], "exploits": [{"lang": "en", "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk."}]}], "timeline": [{"time": "2026-05-06T17:27:00.000Z", "lang": "en", "value": "Updated with Threat Prevention ID and clarified the Required Configuration section."}, {"time": "2026-05-05T23:00:00.000Z", "lang": "en", "value": "Initial publication."}], "source": {"discovery": "USER"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}, "adp": [{"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-06T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-0300"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-05-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-07T03:55:34.043Z"}, "timeline": [{"time": "2026-05-06T00:00:00.000Z", "lang": "en", "value": "CVE-2026-0300 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0300", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-06T19:11:13.428974Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-05-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-06T19:11:36.400Z"}, "timeline": [{"lang": "en", "time": "2026-05-06T00:00:00.000Z", "value": "CVE-2026-0300 added to CISA KEV"}]}], "cna": {"title": "PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID\u2122 Authentication Portal", "source": {"discovery": "USER"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red", "exploitMaturity": "ATTACKED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "The risk is highest when you configure the User-ID\u2122 Authentication Portal to enable access from the Internet or any untrusted network."}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red", "exploitMaturity": "ATTACKED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "You can greatly reduce the risk of exploitation by restricting User-ID\u2122 Authentication Portal access to only trusted internal IP addresses and preventing its exposure to the internet."}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "changes": [{"at": "12.1.7", "status": "unaffected"}, {"at": "12.1.4-h5", "status": "unaffected"}], "version": "12.1.0", "lessThan": "12.1.7", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.2.12", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.4-h17", "status": "unaffected"}], "version": "11.2.0", "lessThan": "11.2.12", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.1.15", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.4-h33", "status": "unaffected"}], "version": "11.1.0", "lessThan": "11.1.15", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.18-h6", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.7-h34", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.18-h6", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.", "supportingMedia": [{"type": "text/html", "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-05-06T17:27:00.000Z", "value": "Updated with Threat Prevention ID and clarified the Required Configuration section."}, {"lang": "en", "time": "2026-05-05T23:00:00.000Z", "value": "Initial publication."}], "solutions": [{"lang": "eng", "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.\n\nWe strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below.", "supportingMedia": [{"type": "text/html", "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.<br><br>We strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below.", "base64": false}]}], "datePublic": "2026-05-05T23:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0300", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\n * Restrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress. Refer to Step 6 of the following Live Community article (https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286) and Knowledgebase article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC) for steps to restrict access.\n \n * Disable User-ID\u2122 Authentication Portal if not required.\n \n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support.", "supportingMedia": [{"type": "text/html", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:<br><ul><li>Restrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress. Refer to Step 6 of the following <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286\">Live Community article</a> and <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\">Knowledgebase article</a> for steps to restrict access.<br></li><li>Disable User-ID\u2122 Authentication Portal if not required.<br></li></ul>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID&nbsp;510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \n\nThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p>A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. <br><br>The risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\">best practice guidelines</a> by restricting access to only trusted internal IP addresses.<br><br>Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. </p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.\n\nCustomers are impacted if both of the following conditions are true:\n\n\n * User-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page. You can verify the configuration by going to Device > User Identification > Authentication Portal Settings -> Enable Authentication Portal (applies to both transparent and redirect modes) and\n * An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network > Interface > Select the interface > Advanced Tab > Create Management Interface Profile.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.<br><br>Customers are impacted if both of the following conditions are true:<br></p><ul><li>User-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page. You can verify the configuration by going to Device &gt; User Identification &gt; Authentication Portal Settings -&gt; Enable Authentication Portal (applies to both transparent and redirect modes) <b>and</b></li><li>An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network &gt; Interface &gt; Select the interface &gt; Advanced Tab &gt; Create Management Interface Profile.<br></li></ul><p></p>", "base64": false}]}], "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "12.1.4-h5", "versionStartIncluding": "12.1.4"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "12.1.7", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.4-h17", "versionStartIncluding": "11.2.4"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.7-h13", "versionStartIncluding": "11.2.7"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.10-h6", "versionStartIncluding": "11.2.10"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.12", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.4-h33", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.6-h32", "versionStartIncluding": "11.1.6"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.7-h6", "versionStartIncluding": "11.1.7"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.10-h25", "versionStartIncluding": "11.1.10"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.13-h5", "versionStartIncluding": "11.1.13"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.15", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.7-h34", "versionStartIncluding": "10.2.7"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.10-h36", "versionStartIncluding": "10.2.10"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.13-h21", "versionStartIncluding": "10.2.13"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.16-h7", "versionStartIncluding": "10.2.16"}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.18-h6", "versionStartIncluding": "10.2.18"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-06T22:09:48.796Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0300", "state": "PUBLISHED", "dateUpdated": "2026-05-07T03:55:34.043Z", "dateReserved": "2025-11-03T20:44:58.173Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-05-06T18:57:39.876Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cisaActionDue": "2026-05-09", "cisaExploitAdd": "2026-05-06", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.", "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D515774C-BDB8-4A78-BCFB-01A825B93DF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B050597-FC74-4667-83A5-A82BCAD1FCE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AACF8E4-ABED-4617-80D8-2ABC37AAC005", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6220162-85C0-4DC7-AE73-643A2BA08090", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEEE3F9F-2F8F-4F1D-9BC8-1EAF9673B68D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "909CCBED-27AC-4888-91B7-FDA621861AB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "39A74871-369E-4B91-A70A-801AF1A8B406", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*", "matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*", "matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*", "matchCriteriaId": "FA91A4E9-CE1E-4CB8-B717-4B0E314C0171", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*", "matchCriteriaId": "28994519-3519-4E94-8D8B-7C4251A82B8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*", "matchCriteriaId": "53981EA8-847F-4FBC-BA55-8EDF591E0FF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "78EAA309-2755-4ED2-9AFC-F4D9DF8F90D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "5D6D42C2-1CEC-47D2-82B2-1EFE71A8C8A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*", "matchCriteriaId": "FF7FCD8B-80DF-4004-A9D2-4EE884F089A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*", "matchCriteriaId": "83C9637A-B615-4CC2-84AA-BDCFE611484C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*", "matchCriteriaId": "224270A7-767D-433B-AD51-C031506747C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*", "matchCriteriaId": "A532EFC6-A883-4279-8C05-9CD600B3F963", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*", "matchCriteriaId": "F4F20C02-DF90-4609-9254-B765481C83E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*", "matchCriteriaId": "E5E36C87-E01D-49DC-AB73-10E5EE27F596", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*", "matchCriteriaId": "39437442-B24D-492F-B637-2203492327FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*", "matchCriteriaId": "984BE1FB-ADB7-4831-AEDD-39DBAED078B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*", "matchCriteriaId": "AF2C954D-9763-41E3-A132-F83C82E79BC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*", "matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "3079F29C-688B-4FFB-BBC0-5FCD7B5B6905", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "674C85C5-162E-42DE-ACD1-D18943040E1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*", "matchCriteriaId": "C2B871A6-0636-42A0-9573-6F693D7753AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*", "matchCriteriaId": "F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*", "matchCriteriaId": "F3F8462A-71C0-4F81-9882-C73BC90697CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*", "matchCriteriaId": "C1B72E68-2D01-483F-BEC5-59C49E96B976", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*", "matchCriteriaId": "E49419C4-9AFE-4B7F-90EF-DB50EBB608D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*", "matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*", "matchCriteriaId": "2447D2B1-A145-4036-B9F2-17648B193465", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*", "matchCriteriaId": "C24353AF-DC81-49B9-9132-9EEC8E6009BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*", "matchCriteriaId": "B4420489-AE0F-4A48-B2CE-C165BEBFA6A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*", "matchCriteriaId": "C45D8DF1-9483-4B24-AB94-B1FF4A5F2606", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "941CB947-862C-4C17-A039-8CD46D21B3BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "146BFB2E-5802-495E-B20D-9783B41357A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*", "matchCriteriaId": "BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*", "matchCriteriaId": "41B48ECA-FD05-4EA2-B1C9-771624EAAFF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*", "matchCriteriaId": "4D65D1F0-323E-41AF-962E-1F9741748A76", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*", "matchCriteriaId": "D5D41E00-D517-4B81-A7FC-C8E101884807", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:-:*:*:*:*:*:*", "matchCriteriaId": "DEBB519E-9AC8-4100-B71C-E7D3276ED79C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:*", "matchCriteriaId": "19604659-570D-4766-B8B5-8B9920E2607F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*", "matchCriteriaId": "745A3A2A-73CF-4DC2-968B-ACFC66389E11", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*", "matchCriteriaId": "3A1E533E-DE4A-4F2F-A71A-FFF56E757087", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB628D07-9AB0-4C19-8DA3-DBE5689A3F40", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A94EA8A-EADF-416D-AE54-3CF56214714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC05CBD3-7679-4640-9BE4-FD5418D9F756", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F383C3D-0C7A-4B5E-9798-D1CE9632687B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*", "matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*", "matchCriteriaId": "FD701663-4C57-4115-BD59-9DFFB504E2AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*", "matchCriteriaId": "82816C09-6A9D-4AB2-AA55-62CC714CCA82", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:*", "matchCriteriaId": "9AA9F77D-BC9C-4A2C-8988-6DEE65CD9C8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*", "matchCriteriaId": "A5A3CEBF-9F8A-47F9-A302-7C395F2A8146", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*", "matchCriteriaId": "A79B51D2-74E8-4BA3-AE33-829A9C1776E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*", "matchCriteriaId": "E08297B1-95E9-4730-B59D-252B958C4199", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*", "matchCriteriaId": "B56B153E-8693-4257-9E33-38904A949ED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*", "matchCriteriaId": "A220ED95-5E1A-45AA-85BD-8A58CFC6C697", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*", "matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*", "matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*", "matchCriteriaId": "CB2C59F8-2583-4510-90F8-500F8329AFFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C31ACD7-46AB-4092-89F3-7B4C9B642199", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*", "matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*", "matchCriteriaId": "9D12FF27-C186-467C-8627-1284EBC67243", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*", "matchCriteriaId": "AF4AA997-35BC-4BC1-9EF2-644503B2D806", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*", "matchCriteriaId": "12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*", "matchCriteriaId": "8FAE17BB-7938-41D0-8D62-46F829C647BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*", "matchCriteriaId": "6DA5A0AD-C4FB-4210-8651-F94F2875A0EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*", "matchCriteriaId": "45D633D7-A4B5-4D68-9BAB-D9BA25877F36", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*", "matchCriteriaId": "B79DB477-A907-4300-A651-16F93880B049", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*", "matchCriteriaId": "AF74D8FA-677F-484D-9338-A1761614FFD6", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*", "matchCriteriaId": "F9FC5118-4056-4E22-A1F0-D6FFA2B88472", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*", "matchCriteriaId": "5E7A808F-F52F-4786-950C-591CCADB2EE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*", "matchCriteriaId": "0CA82012-AA59-44C1-BB9D-0B28764D507E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*", "matchCriteriaId": "27233F80-A620-42D3-927D-4FCDE6345456", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*", "matchCriteriaId": "63729FA6-ED2A-4593-9436-232F282A0A78", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*", "matchCriteriaId": "F39792EF-61B5-4874-9FD0-7544F8C5C0D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:*", "matchCriteriaId": "CCC24BCD-E508-4553-9BAC-468A1078C9A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*", "matchCriteriaId": "4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*", "matchCriteriaId": "91529C45-FA55-4844-A153-682F729F440D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*", "matchCriteriaId": "64B56778-2698-493D-80AD-B4AE81F48124", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*", "matchCriteriaId": "0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*", "matchCriteriaId": "9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*", "matchCriteriaId": "1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7193CCDA-D5D4-41D2-A808-87EDC19F2F49", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "D58FF578-775A-4BC0-9975-2C8B8E51B1E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*", "matchCriteriaId": "A92886DF-C989-47AD-8F68-8F468BBC6E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*", "matchCriteriaId": "9893920B-A00E-4890-A897-EE1CF0751BA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*", "matchCriteriaId": "D1289923-12D8-4FDD-B18B-C52516F14922", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*", "matchCriteriaId": "AFC923D7-672D-4556-8344-BBD285324067", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*", "matchCriteriaId": "E1510DE9-04A3-4E08-872D-C0F6041BCFCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*", "matchCriteriaId": "31CD3B15-2CE0-404A-9542-9C39B8E71027", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*", "matchCriteriaId": "0194DA0B-041A-4810-8BFB-2308290517B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*", "matchCriteriaId": "69E64D86-034F-4BC7-9A4E-2703D834EBC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*", "matchCriteriaId": "B992628F-1114-4FC8-9364-800ACE997044", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "73CF31A0-82EC-45DF-87DD-81C458AAF94C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "77024A63-A28F-4467-8D4C-3CFD41724777", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*", "matchCriteriaId": "9223B0D4-6194-4684-8EF4-84A0EF511D8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*", "matchCriteriaId": "CB16C018-2B70-4F4D-9025-69FF82CD40F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*", "matchCriteriaId": "1259B519-130D-4584-86AA-E4EA1E89ACB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*", "matchCriteriaId": "0DCA6D54-E623-4985-B35F-AC98299828EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*", "matchCriteriaId": "20A38461-BC7E-4D75-A168-FA493955A54C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF9D96B4-E4D2-4F35-A4AF-D79BB9F3A41B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8163D-1EE5-4955-A317-1BC95581C87D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEEE3CF8-1B67-44D3-8FF1-9EC6C5197835", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6DFD05F-0A72-45E0-8D20-E1C28642C973", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*", "matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*", "matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*", "matchCriteriaId": "8137F3AF-BA32-41BC-AD2E-A668FFA33892", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*", "matchCriteriaId": "8C977AF0-D2B0-401A-A7C5-A1C71AC3C072", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*", "matchCriteriaId": "B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*", "matchCriteriaId": "D720448D-F40B-4C92-9101-A48AC36C9CBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*", "matchCriteriaId": "5F12F7AC-D5B3-499E-87DA-27427D8BFFC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*", "matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*", "matchCriteriaId": "76949F0F-2ADC-492F-83F0-0A1B0E861F97", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*", "matchCriteriaId": "C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*", "matchCriteriaId": "73888909-64C5-41BC-BAE0-BD9BDEEAF723", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*", "matchCriteriaId": "E7861D82-815D-4894-9E11-1B6B1E66CDEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*", "matchCriteriaId": "D269E33D-9A79-40CC-B79A-C9A398AB7AFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*", "matchCriteriaId": "9762E441-856F-466F-812C-798CA2EEF965", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0EF09924-12F7-4F76-9FD0-08AF707AA289", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C62D458B-2BC0-4E0C-8E95-894674DBD791", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "0A25C9D9-BC83-49AE-BEE7-EF05F8336B01", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "A93C2B58-EC78-4C3D-89FF-35D9C489E39F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*", "matchCriteriaId": "A32E35C0-913E-4348-8AD4-E1F169C40C92", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*", "matchCriteriaId": "39112398-2A93-4E26-A7DF-0E3FA81C5130", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "C88442D1-599F-411D-B7A2-E17AA839F177", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*", "matchCriteriaId": "D12C3EB6-842E-4378-896C-FDBB2BC75D10", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "86B41903-FF08-454D-B626-184CB73B122E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*", "matchCriteriaId": "396DC378-7716-40F6-88A4-99299A16CAF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*", "matchCriteriaId": "5E5C6E3A-262C-4212-B21C-00E8079AA8CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "4C855108-D3C9-4DE3-B9F4-9735A0A439AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "5B887380-062F-45B2-9F25-861227E86377", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "02713C77-26D8-4C84-A8B2-86B6BA5BE600", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "051673AB-50BF-4DD0-8679-F5825520241A", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*", "matchCriteriaId": "BAC15D8A-83CA-413F-BA2B-17EC2B169F6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "70B3EB0C-87F1-46C2-B95C-C5808E473BD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "073BF631-451B-4DFC-B23C-F0F68C2450F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "13AA1BEF-F2F6-4534-89F3-DF4E79217978", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "CBFDE611-4981-4D92-ABAF-858DF132535F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*", "matchCriteriaId": "CE68AC6C-61B6-4245-96AE-3D1F96D44721", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A116B32-5798-47EC-A22D-D3E960B29C07", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1725F67-BF14-48B4-A405-1CCA507CD553", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "8C1ADE94-3F05-48EE-94E0-FD6EB682705C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*", "matchCriteriaId": "F727C18E-1C8D-448A-954C-073294FBC65C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*", "matchCriteriaId": "7E492BE6-EB2E-4616-85EA-3B389741301B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:-:*:*:*:*:*:*", "matchCriteriaId": "0DF08D3C-62B3-4875-972A-CDF35D2786B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:-:*:*:*:*:*:*", "matchCriteriaId": "7C32D27E-BCD7-4F26-B802-B6EA931B0F40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paloaltonetworks:pa-1410:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0183BAB-B1AE-44D9-B187-798CECB9A640", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-1420:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B2FCF34-EC08-4AF2-AC0B-D48D97BFFC86", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-3410:-:*:*:*:*:*:*:*", "matchCriteriaId": "08BD8F1C-5CDA-4B5C-9DA6-967773A9B0EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-3420:-:*:*:*:*:*:*:*", "matchCriteriaId": "824EE71F-D617-4FDA-B529-DCF8F6BA5C1B", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-3430:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2DA44A2-3859-48B8-8146-4433D5FF4C68", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-3440:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FF7BE07-98F5-4DB7-AD77-625BB46CFC3C", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-410:-:*:*:*:*:*:*:*", "matchCriteriaId": "BABAB43B-198C-42E0-836C-F7FB30256A2F", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-410r:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DF6F082-99CC-47BB-AEB1-2FD00EE1278D", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-410r-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA9D11D5-FDEA-4B83-8AE2-64A007791CBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-415:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0BA207F-6CDF-4D90-8739-8FE34EC0F3C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-415-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "38DC5E80-274A-4E65-A2DC-BC79623BF698", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-440:-:*:*:*:*:*:*:*", "matchCriteriaId": "31854314-2ABE-4658-AD1B-230A0B261674", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-445:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CA7E681-BE00-416C-86C5-08A1A18976F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-450:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5128449-D0A7-47FA-AFE7-258672972BBF", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-450r:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB8D540-4F7A-44F2-9F5B-96F1F704330A", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-450r-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB12277D-B9CF-4703-B08F-5555261F1BC4", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-455:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B9E8EF-5A4E-40B7-8044-C4352AD1BD2E", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-455-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE7143C5-FDEF-4440-AB43-9A6B5D201D57", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-455r-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEFB32D5-43C7-4D4A-AA81-7BBC006B92CC", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-460:-:*:*:*:*:*:*:*", "matchCriteriaId": "017A0571-E011-4AE6-B4ED-B1AAC0EBA22B", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-501:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB469DD8-C776-4B6A-91A4-66B27483FDE8", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-505:-:*:*:*:*:*:*:*", "matchCriteriaId": "A070368D-23E8-47F3-8F72-E011728F90C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-510:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D8DECEA-D8A1-44AF-9F51-B99C6599FCAB", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-520:-:*:*:*:*:*:*:*", "matchCriteriaId": "44F6F6DC-291D-447C-AF36-BC9A275076DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-540:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FCA08A8-DDE0-4179-890D-D939E427414A", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*", "matchCriteriaId": "C702B085-D739-4E06-805F-D01144279071", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*", "matchCriteriaId": "29237799-7DF5-478C-AE36-EC8E8416EAB7", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEB69E29-2974-4963-96D6-E0C08D7777F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F7914EA-FEA6-4911-9A47-4F516BEE6663", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*", "matchCriteriaId": "37BC54A5-071C-4F62-87EB-2314CA019B08", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-545-poe:-:*:*:*:*:*:*:*", "matchCriteriaId": "650AB458-DE6F-4933-A624-1AC7A2599E73", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5450:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB18C39C-0602-4136-83C9-61D99BAA46D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-550:-:*:*:*:*:*:*:*", "matchCriteriaId": "665EF149-C97D-4820-AE79-849815E8D8D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5540:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1210A5F-A8C0-49F2-8418-6ABE7E12606F", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-555-poe:-:*:*:*:*:*:*:*", "matchCriteriaId": "54B8A6E0-7EDA-4C00-B8DF-8D547DD4A5B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5550:-:*:*:*:*:*:*:*", "matchCriteriaId": "6297F0CE-9E54-4B87-88BC-1EE8A16E55A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5560:-:*:*:*:*:*:*:*", "matchCriteriaId": "A915842C-2F40-48F4-BFEE-3682B426100D", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5570:-:*:*:*:*:*:*:*", "matchCriteriaId": "247690C1-8955-4CD5-9826-69AAA64D8D0D", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-5580:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EBB2CDD-E0DB-47F5-B863-09CF2267A3EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-560:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD189FAE-EB8F-436F-BBC4-58F60F60DCDE", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-7500:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6C4FC4B-7E69-4A28-9406-DA8D20A54D24", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:pa-7500-dpc-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E545C2B6-AD84-4FCC-8CCE-164CD3968A85", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:vm-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "44873791-6AB0-4EF5-808B-4495E18D225B", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:vm-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "00F998EF-0FFD-44BC-A07B-0361E171E68F", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:vm-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C0A1C05-D307-41E4-A420-4BC3EE308658", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:vm-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "C239BEAA-7BFB-49F9-8E48-477D76119CAF", "vulnerable": false}, {"criteria": "cpe:2.3:h:paloaltonetworks:vm-700:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BF87B31-B5F4-46F7-91DA-50F771FE56AA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \n\nThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability."}], "id": "CVE-2026-0300", "lastModified": "2026-05-07T17:46:44.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-06T19:16:35.730", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2026-0300"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}