CVE-2026-0300 Palo Alto Networks CVE debrief

Who should care

Security teams, network administrators, and asset owners responsible for Palo Alto Networks PAN-OS deployments should treat this as a high-priority item, especially where the User-ID Authentication Portal is exposed or in use.

Technical summary

The available source data identifies the issue as an out-of-bounds write in PAN-OS. CISA’s KEV listing means the vulnerability has met CISA’s known-exploitation criteria and should be handled as an urgent defensive response item. The source corpus does not provide affected versions, exploit details, or vendor fix status beyond the workaround guidance included in the KEV record.

Defensive priority

High

Recommended defensive actions

• Apply Palo Alto Networks’ official mitigations or fix as soon as they are available.
• Restrict User-ID Authentication Portal access to only trusted zones.
• Disable the User-ID Authentication Portal if it is not required.
• Validate whether any PAN-OS systems are in scope and exposed to the portal.
• If mitigations are unavailable, follow applicable BOD 22-01 guidance for cloud services or discontinue use of the product as directed by CISA.

Evidence notes

This debrief is limited to the supplied source corpus: the CVE metadata, the CISA KEV JSON entry, and official record links (CVE.org and NVD). The corpus provides the vulnerability class, CISA KEV status, date added, due date, and specific workaround guidance, but it does not include a vendor advisory excerpt, affected version ranges, or CVSS details.

Official resources