Palo Alto Networks has four CVEs this cycle spanning PAN-OS firewall infrastructure and the GlobalProtect client, with one confirmed actively exploited unauthenticated root RCE on internet-exposed captive portals (CVE-2026-0300) and two additional authentication bypass flaws affecting management interfaces and VPN gateways. A fourth vulnerability enables local privilege escalation to SYSTEM or root on all desktop platforms running the GlobalProtect App client. The combination of perimeter RCE, management plane auth bypass, and VPN credential bypass across overlapping version branches creates a layered attack surface that demands coordinated, prioritized response.