惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Forbes - Security
Forbes - Security
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Jina AI
Jina AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
V
V2EX
Stack Overflow Blog
Stack Overflow Blog
Engineering at Meta
Engineering at Meta
PCI Perspectives
PCI Perspectives
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
WordPress大学
WordPress大学
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
P
Privacy International News Feed
IT之家
IT之家
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Check Point Blog
美团技术团队
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
MyScale Blog
MyScale Blog
H
Help Net Security
宝玉的分享
宝玉的分享
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
The Cloudflare Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
I
InfoQ
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog

Rapid7 Cybersecurity Blog

Sunsetting the Public AttackerKB Platform | Rapid7 Rapid7 Rapid7 Labs: Investigating Persistence Mechanisms in AWS Rapid7 CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED) Rapid7 and Mindware Partner Across the Middle East Rapid7 Security Teams Are Ready To Become More Preemptive. What’s Holding Them Back? A Day With Your Vector Command Red Team Pod Rapid7 Formalizing Red Teaming Offensive Methodology as a Multi-Agent AI Architecture 5 Myths About AI in the SOC Security Teams Need to Rethink Modernizing Global Vulnerability Standards For The Age Of AI Rapid7 Why AI and Compliance Are Forcing A New Security Operating Model, with Rapid7's Corey Thomas & Sabeen Malik Why SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScape Rapid7 Why Security Teams Need To Start Earlier: New eBook on the Need for Preemptive Security Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain NIS2 is raising the bar. Here’s how to turn readiness into resilience. Does Your Security Programme Align With NIS2 Requirements? Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273) Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry Patch Tuesday - June 2026 Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751) Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum How the “Swiss Cheese” model can help you choose the right MDR provider A Day in the Life of an MDR Analyst: Inside the Modern SOC Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED) Rapid7 and Exclusive Networks Expand Partnership Across the Nordics Metasploit Wrap Up 05/29/2026 Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257) Experts on Experts: Why Compliance is becoming Continuous CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026) How Security Leaders Cut Through Complexity to Drive Better Outcomes Metasploit Wrap Up 05/22/2026 Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders Metasploit Wrap-Up 05/15/2026 CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) When Network Controllers Become "God Mode" for Attackers Pluribus and the Path to Domain Compromise: A ModeloRAT Case Study Rapid7 Drives Partner Impact with Stevie Award-Winning Certifications Patch Tuesday - May 2026 Last Chance to Join the Rapid7 Global Cybersecurity Summit Metasploit Wrap-Up 05/08/2026 How Rapid7 is Bringing Cyber GRC Closer To Security Operations Scaling Detection Engineering at the Speed of Software, with Detection As Code Rapid7 and OpenAI: Advancing AI For Preemptive Security Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware A Walkthrough of the 2026 Global Cybersecurity Summit Agenda Metasploit Wrap-Up 05/01/2026 Five Things we Took Away from Gartner SRM Sydney 2026 CVE-2026-41940: cPanel & WHM Authentication Bypass Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect Get Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity Summit MDR Selection is a Partnership Decision Metasploit Wrap-Up 04/25/2026 3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEM AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent Skill Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action Metasploit Wrap-Up 04/17/2026 CVE-2026-33032: Nginx UI Missing MCP Authentication Rapid7 Analysis: ClickFix-style Phishing Campaign Uses Fake Claude Installer Rapid7 Exposure Command and Remediation Hub: A Clearer Path from Exposure to Patch Patch Tuesday - April 2026 Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit Turning Log Lines into Answers: Instant Clarity for SOC Teams Metasploit Wrap-Up 04/10/2026 Project Glasswing: What Security Leaders Should Know and Do Now What’s New in Rapid7 Products and Services: Q1 2026 in Review Investigating FortiGate CVE-2025-59718 Exploitation: IR Tales from The Field A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global Cybersecurity Summit Metasploit Wrap-Up 04/03/2026 You Don’t Have a Security Problem, You Have a Visibility Problem New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay What CISOs Should Expect from AI Powered MDR in 2026, According to Rapid7 CEO Corey Thomas Initial Access Brokers have Shifted to High-Value Targets and Premium Pricing Red Teaming in 2026: What to Expect at our 2026 Global Cybersecurity Summit Metasploit Wrap-Up 03/27/2026 Why CVSS is No Longer Enough for Exposure Management From Vectors to Verdicts: Web App Testing with Vector Command Rapid7 Completes BSI C5 Type 2 Examination: Stronger Cloud Security for DACH Organizations New Whitepaper: Exploiting Cellular-based IoT Devices CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read Metasploit Wrap-Up 03/20/2026 Negotiating with the Board: Translating Active Risk into Financial Exposure
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
Jonah Burgess · 2026-05-06 · via Rapid7 Cybersecurity Blog

Overview

On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild by the vendor.

CVE-2026-0300 is a buffer overflow (CWE-787) in the User-ID™ Authentication Portal (also known as Captive Portal), a non-default PAN-OS feature used to map IP addresses to usernames. An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted packets to a device with the Authentication Portal enabled, achieving arbitrary code execution with root privileges on the affected firewall. No authentication or user interaction is required.

Palo Alto Networks has confirmed limited exploitation in the wild targeting Authentication Portals exposed to either untrusted IP addresses or the public internet. No patches are currently available; fixed versions are expected to begin rolling out on May 13, 2026, with additional releases through May 28, 2026.

PAN-OS is among the most widely deployed enterprise firewall operating systems in the world. Shodan identifies approximately 225,000 internet-facing PAN-OS instances, representing a significant attack surface. Rapid7 strongly urges all organizations running affected PAN-OS versions with the User-ID Authentication Portal enabled to apply the available workarounds immediately and prioritize patching as soon as fixed versions become available.

Update #1: On May 6, 2026, CVE-2026-0300 was added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) list of known exploited vulnerabilities (KEV), based on evidence of active exploitation. Palo Alto Networks Unit 42 also published a threat brief attributing observed exploitation to CL-STA-1132, a likely state-sponsored threat cluster that deployed open-source tunneling tools and conducted Active Directory enumeration following initial compromise.

Mitigation guidance

Organizations running PA-Series and VM-Series firewalls with the User-ID™ Authentication Portal enabled should apply the available workarounds immediately and prioritize patching as soon as fixed versions are released. Check the official documentation to establish whether the affected User-ID™ Authentication Portal is currently enabled.

According to the Palo Alto Networks advisory, the following versions are affected by CVE-2026-0300:

Product

Affected

Unaffected

Fix ETA

PAN-OS 12.1

< 12.1.4-h5

< 12.1.7

>= 12.1.4-h5

>= 12.1.7

05/13

05/28

PAN-OS 11.2

< 11.2.4-h17

< 11.2.7-h13

< 11.2.10-h6

< 11.2.12

>= 11.2.4-h17

>= 11.2.7-h13

>= 11.2.10-h6

>= 11.2.12

05/28

05/13

05/13

05/28

PAN-OS 11.1

< 11.1.4-h33

< 11.1.6-h32

< 11.1.7-h6

< 11.1.10-h25

< 11.1.13-h5

< 11.1.15

>= 11.1.4-h33

>= 11.1.6-h32

>= 11.1.7-h6

>= 11.1.10-h25

>= 11.1.13-h5

>= 11.1.15

05/13

05/13

05/28

05/13

05/13

05/28

PAN-OS 10.2

< 10.2.7-h34

< 10.2.10-h36

< 10.2.13-h21

< 10.2.16-h7

< 10.2.18-h6

>= 10.2.7-h34

>= 10.2.10-h36

>= 10.2.13-h21

>= 10.2.16-h7

>= 10.2.18-h6

05/28

05/13

05/28

05/28

05/13

As of May 13, 2026, the first round of patches has been published. Until the remaining awaited patches are available, Palo Alto Networks recommends one of the following workarounds:

  • Restrict User-ID™ Authentication Portal access to only trusted internal zones. Refer to Step 6 of the Live Community article and the Knowledgebase article for instructions on restricting access.

  • Disable User-ID™ Authentication Portal entirely if it is not required (Device > User Identification > Authentication Portal Settings > uncheck Enable Authentication Portal).

Please refer to the vendor advisory for the latest guidance.

Rapid7 customers

Exposure Command, InsightVM, and Nexpose

Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-0300 with authenticated vulnerability checks available in the May 6th, 2026 content release.

Updates

  • May 6, 2026: Initial publication.

  • May 7, 2026: Updated overview to note the addition to CISA KEV and the Unit 42 threat brief attributing exploitation to CL-STA-1132.
  • May 13, 2026: Updated Mitigation guidance section to state that patches expected on May 13 have been published.