
【Vulnerability Alert】Palo Alto Networks PAN-OS contains a critical information security vulnerability (CVE-2026-0300)

Publish date: 2026-05-08
Update date: 2026-05-15

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026050605050101
Publication Time: 2026-05-06 17:23:02
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026-05-06 17:23:02
Impact Level: Low
[Subject]
【Vulnerability Alert】Palo Alto Networks PAN-OS contains a critical information security vulnerability (CVE-2026-0300)
[Content]

Forwarded from TWCERTCC Information Security Message Alert TWCERTCC-200-202605-00000002

The User-ID authentication portal service of Palo Alto Networks’ firewall operating system PAN-OS contains a buffer overflow vulnerability (CVE-2026-0300, CVSS: 9.3). This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted data.

Information Sharing Level: WHITE (The information content is information that may be publicly disclosed)

[Affected Platform]

PAN-OS versions earlier than 12.1.4-h5 (exclusive)

PAN-OS versions earlier than 12.1.7 (exclusive)

PAN-OS versions earlier than 11.2.4-h17 (exclusive)

PAN-OS versions earlier than 11.2.7-h13 (exclusive)

PAN-OS versions earlier than 11.2.10-h6 (exclusive)

PAN-OS versions earlier than 11.2.12 (exclusive)

PAN-OS versions earlier than 11.1.4-h33 (exclusive)

PAN-OS versions earlier than 11.1.6-h32 (exclusive)

PAN-OS versions earlier than 11.1.7-h6 (exclusive)

PAN-OS versions earlier than 11.1.10-h25 (exclusive)

PAN-OS versions earlier than 11.1.13-h5 (exclusive)

PAN-OS versions earlier than 11.1.15 (exclusive)

PAN-OS versions earlier than 10.2.7-h34 (exclusive)

PAN-OS versions earlier than 10.2.10-h36 (exclusive)

PAN-OS versions earlier than 10.2.13-h21 (exclusive)

PAN-OS versions earlier than 10.2.16-h7 (exclusive)

PAN-OS versions earlier than 10.2.18-h6 (exclusive)

[Recommended Actions]

Perform patching according to the solution released on the official website: https://security.paloaltonetworks.com/CVE-2026-0300
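
An added example, not part of the original notice and not Palo Alto Networks code: a version check against the thresholds listed under [Affected Platform], for triaging a firewall inventory before patching. The handling of maintenance releases that have no entry of their own, the function names and the sample inventory are assumptions; the check reads the version string only and does not look at whether the User-ID authentication portal is in use.

```python
import re

# Thresholds copied from the [Affected Platform] list on this page; a version
# earlier than its applicable threshold is treated as affected.
FIXED = [
    "12.1.4-h5", "12.1.7",
    "11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12",
    "11.1.4-h33", "11.1.6-h32", "11.1.7-h6", "11.1.10-h25", "11.1.13-h5", "11.1.15",
    "10.2.7-h34", "10.2.10-h36", "10.2.13-h21", "10.2.16-h7", "10.2.18-h6",
]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """'11.1.4-h33' -> (11, 1, 4, 33); a release without a hotfix gets hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def classify(version):
    """Return 'affected', 'patched' or 'unknown' for one PAN-OS version string."""
    v = parse(version)
    train = [t for t in map(parse, FIXED) if t[:2] == v[:2]]
    if not train:
        return "unknown"  # release train (e.g. 10.1) is not on the page's list
    same_release = [t for t in train if t[:3] == v[:3]]
    if same_release:
        # The page lists a hotfix threshold for this exact maintenance release.
        return "affected" if v < same_release[0] else "patched"
    # Assumption: a maintenance release without its own entry is compared with
    # the highest threshold of its train, so 11.1.5 is flagged, 11.1.16 is not.
    return "affected" if v < max(train) else "patched"


def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    sample = {"fw-edge-01": "11.1.4-h32", "fw-edge-02": "11.1.4-h33",
              "fw-dc-01": "10.2.17", "fw-lab-01": "12.1.7", "fw-old-01": "10.1.14"}
    for host, state in triage(sample).items():
        print(f"{host}: {state}")
```

Hosts reported as "affected" or "unknown" are the ones to check against the vendor advisory linked above.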

 

[Reference]

 https://www.twcert.org.tw/tw/cp-169-10898-012f2-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center