Earlier this month a new vulnerability, CVE-2026-0300, was discovered in Palo Alto’s Authentication Portal. This vulnerability could allow an unauthenticated attacker to execute arbitrary code as the root user.
If the authentication portal is only exposed to internal and trusted networks, the risk is reduced; however, any authentication portal exposed to the wider internet could allow an attacker to gain root access to the device.
Per Palo Alto this issue affects PA-Series and VM-Series firewalls with User-ID authentication Portal. Limited exploitation has been reported.
What to Do Now
Palo Alto Networks has released fixes in recent PAN-OS updates. They strongly recommend that all affected organizations implement them immediately.
Andrew Trexler
About The Exploit Blog
The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.
Search The Exploit Blog
Raxis Discovered Vulnerabilities
View the CVEs and bugs that Raxis pentesters have uncovered and submitted.
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis Discovered Vulnerabilities
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless
