Share
## https://sploitus.com/exploit?id=35444CDA-A063-54CD-9D1C-589CEAFB8FE0
# CVE-2026-0300 โ€” Palo Alto Networks PAN-OS BOF RCE (root)


  
  
  


## Overview

**Buffer overflow in User-ID Authentication Portal (Captive Portal) service of PAN-OS. Unauthenticated attacker can execute code as root.**

| Field | Value |
|-------|-------|
| CVE | CVE-2026-0300 |
| Severity | CRITICAL |
| Product | Palo Alto Networks PAN-OS |
| CISA KEV | 2026-05-13 |
| Attack Type | BOF RCE (root) |
| Auth Required | None |

### Affected Versions

| Status | Versions |
|--------|----------|
| โŒ Vulnerable | PA-Series and VM-Series firewalls |
| โœ… Fixed | Fixed in PAN-OS 11.3.10, 11.2.12, 10.6.9, 10.5.10 |

## Installation

```bash
# Clone
git clone https://github.com/ridhinva/CVE-2026-0300-PANOS-RCE.git
cd CVE-2026-0300-PANOS-RCE

# Install deps (if any)
pip install requests
```

## Usage

### Scan Single Target
```bash
python3 panos_rce_scanner.py example.com
python3 panos_rce_scanner.py https://192.168.1.1
```

### Mass Scan from File
```bash
echo "target1.com" > targets.txt
echo "target2.com" >> targets.txt
python3 panos_rce_scanner.py targets.txt
```

### Show Vulnerability Info
```bash
python3 panos_rce_scanner.py --info
```

## How It Works

The scanner checks for exposed endpoints associated with this vulnerability and reports potential targets for manual verification.

## References

| Source | Link |
|--------|------|
| CISA KEV | https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
| NVD Entry | https://nvd.nist.gov/vuln/detail/CVE-2026-0300 |
| Vendor Advisory | https://security.paloaltonetworks.com/CVE20260300 |

## Disclaimer

For authorized security testing and educational purposes only. Unauthorized access is illegal.

## Author

**@c_y_p_h3r** โ€” Bug bounty hunter & security researcher