No Patch, No Problem — CVE-2026-0300: PAN-OS Firewall RCE Zero-Day

A CVSS 9.3 buffer overflow in PAN-OS Captive Portal grants unauthenticated root-level RCE on PA-Series and VM-Series firewalls. CISA added to KEV on May 6. No patch available until May 13. Approximately 225,000 instances exposed.

2026-05-07T10:02:40.452Z
Rudra Verma, Senior Security Architect & Researcher