
Threat level: 4/5 - Critical unpatched vulnerability in Palo Alto Networks PAN-OS' Captive Portal

Update 1, 2026-05-06

Palo Alto Networks reported a critical unpatched vulnerability (CVE-2026-0300) in the PAN-OS User-ID Authentication Portal (captive portal) that allows unauthenticated attackers to execute code with root privileges. Limited exploitation has been observed in the wild.

The vulnerability affects PAN-OS 12.1, 11.2, 11.1, and 10.2 on PA-Series and VM-Series firewalls with the User-ID Authentication Portal enabled, but does not impact Prisma Access, Cloud NGFW, or Panorama.

Patches are scheduled for release on 13 May and 28 May 2026, depending on the PAN-OS version. Until then, organizations must rely on mitigations.

Organizations are strongly urged to restrict access to the portal to trusted internal IP addresses and to disable the portal if it is not needed. It is also advised not to expose the captive portal to the internet or other untrusted networks.
