Active Exploitation of Palo Alto Networks PAN-OS software
6 May 2026
Palo Alto Networks has released security updates to address a critical vulnerability affecting the User-ID Authentication Portal (also known as Captive Portal) service of Palo Alto Networks PAN-OS software. Users and administrators of affected product versions are advised to update to the latest versions immediately.
Background
Palo Alto Networks has released security updates to address a critical vulnerability (CVE-2026-0300) affecting the User-ID Authentication Portal (also known as Captive Portal) service of Palo Alto Networks PAN-OS software. The vulnerability has a Common Vulnerability Scoring System (CVSS v4.0) score of 9.3 out of 10.
Impact
Successful exploitation of this vulnerability allows a remote unauthenticated attacker to execute arbitrary code with root privileges on affected PA-Series and VM-Series firewalls by sending specially crafted packets that trigger a buffer overflow condition.
Known Exploitation
Limited exploitation in the wild has been observed.
Affected Products
The vulnerability affects the following Palo Alto Networks software versions:
PAN-OS 12.1: Versions prior to 12.1.4-h5, or 12.1.7
PAN-OS 11.2: Versions prior to 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, or 11.2.12
PAN-OS 11.1: Versions prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, or 11.1.15
PAN-OS 10.2: Versions prior to 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, or 10.2.18-h6
Recommendations
Users and administrators of affected product versions are advised to update to the latest versions immediately.
Until patches are applied, administrators are advised to implement one of the following mitigation measures:
Restrict User-ID Authentication Portal access to only trusted zones.
Disable User-ID Authentication Portal if not required.
References
https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
https://security.paloaltonetworks.com/CVE-2026-0300
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC
