CVE-2026-0300 is a critical buffer overflow in the PAN-OS User-ID Authentication Portal affecting PA-Series and VM-Series firewalls. Palo Alto Networks confirmed limited active exploitation as of May 6, with no patches available at time of disclosure — remediation releases are expected May 13 and May 28 depending on PAN-OS version. Prisma Access, Cloud NGFW, and Panorama are not affected. With root-level RCE achievable pre-authentication and exploitation already observed in the wild, this is an immediate risk for any organization with the Authentication Portal exposed. The recommended mitigations are to restrict portal access to trusted IP ranges or, where the feature is not required, to disable the Authentication Portal entirely until patches ship. Teams should treat this as an active incident and audit exposure now rather than wait for the patch window.