Last updated on May 7, 2026 at 02:01 pm
We’re aware of a critical vulnerability (CVE-2026-0300) affecting the User-ID Authentication Portal (Captive Portal) in Palo Alto’s PAN-OS software, which is a web-based login page that enables user identification for unknown traffic on a network.
The vulnerability could allow an attacker to gain unauthorised access to affected devices by sending specially crafted network traffic.
Please note schools don’t need to take any action at this time, and the potential impact of this is only limited to a small group of schools who use the User-ID Authentication Portal.
We’re currently reviewing the details of this vulnerability, including potential exposure and available mitigation options, and will share further updates when we can.
In the meantime, please refer to Palo Alto’s advisory for more information.