CVE-2026-0300
Palo Alto PAN-OS Captive Portal unauthenticated root RCE (CVSS 9.3, ITW, KEV deadline 2026-05-09)
First seen
2026-05-07
Last seen
2026-05-07
Appearances
2
External references
All cited sources for this CVE (4)
- security.paloaltonetworks.comprimaryPalo Alto Networks PSIRT — CVE-2026-0300https://security.paloaltonetworks.com/CVE-2026-0300
- cert.europa.euCERT-EU Advisory 2026-006, 2026-05-06https://cert.europa.eu/publications/security-advisories/2026-006/
- cert.ssi.gouv.frCERT-FR CERTFR-2026-AVI-0537, 2026-05-06https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0537/
- unit42.paloaltonetworks.comUnit 42, 2026-05-06https://unit42.paloaltonetworks.com/captive-portal-zero-day/
Brief appearances
- CTI Daily Brief — 2026-05-082026-05-08
- CTI Daily Brief — 2026-05-072026-05-07