This flaw is an out-of-bounds write vulnerability in the User-ID Captive Portal service of Palo Alto Networks PAN-OS. An unauthenticated remote attacker can send specially crafted packets to achieve arbitrary code execution with root privileges on affected devices. This CVE is known to be exploited and is listed in CISA KEV, making it an immediate, high-priority threat.
Remediation
Apply the official vendor security patch for this vulnerability as soon as possible. Until the patch is applied, restrict access to the User-ID Authentication Portal to trusted zones only, or disable the feature if it is not in use. Follow BOD 22-01 guidance if mitigations are not possible.
Exploit info
This vulnerability has been recorded in CISA KEV (CISA Known Exploited Vulnerabilities catalog, dateAdded 2026-05-06). You may check Exploit-DB or GitHub for potential exploit details.