This was already published by Jazz Cyber Shield.

This is not a "patch it next sprint" situation. Unauthenticated root-level RCE. No credentials needed. No user interaction needed. State-sponsored actors confirmed inside networks since mid-April 2026. CISA added it to the Known Exploited Vulnerabilities catalog on May 6 with a federal remediation deadline of May 9. Patches only started shipping May 13.

If you manage PA-Series or VM-Series firewalls, here is everything you need to know and do.

The Vulnerability in Plain Terms

CVE-2026-0300 is a buffer overflow (CWE-787: Out-of-Bounds Write) in the User-ID Authentication Portal service of PAN-OS — also known as the Captive Portal. It is the service that maps unknown IP addresses to user identities. Common in guest networks, BYOD environments, contractor segments.

An attacker sends specially crafted packets to the portal. The service mishandles memory. The attacker gets arbitrary code execution with root privileges on the firewall.…