CVE-2026-0300 is a critical, actively exploited buffer overflow in the PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Affected versions are PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x; Prisma Access and Cloud NGFW are not affected. No patch is available as of May 6, 2026; vendor hotfixes are targeted for May 13, 2026.