Palo Alto Networks has three CVEs this cycle covering unauthenticated RCE on PA-Series hardware (CVE-2026-0264), authentication bypass on CAS-enabled firewalls and Panorama (CVE-2026-0265), and a MitM-dependent RCE in the GlobalProtect client across six platforms (CVE-2026-0250). No CISA KEV listings and no confirmed in-the-wild exploitation are recorded as of the data collection date, but the unauthenticated perimeter exposure of the first two CVEs places them at emergency patch priority for affected hardware. Patches are available for all three.