The flaw only affects PAN-OS deployments where the User-ID Authentication Portal is enabled. Affected versions span several PAN-OS release branches, including 10.2, 11.1, and 12.1 releases prior to patched builds scheduled for rollout in May.
Wiz researcher Merav Bar said the Google-owned research firm found a total of 7% of environments having publicly exposed PAN-OS instances. However, how many of them have the affected portal enabled is not known. “Since this portal makes use of ports 6081 and 6082, the exposure of those particular ports is the primary metric for exploitability,” she added in a blog post. “At present, Shodan identifies 67 exposed PAN-OS servers on port 6081, with none detected on port 6082.”
The vulnerability has also attracted government attention. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-0300 to its Known Exploited Vulnerabilities (KEV) catalog shortly after the disclosure, while several national cybersecurity agencies warned organizations to assume further exploitation is likely.



