Palo Alto Networks has four concurrent vulnerabilities across the same PAN-OS version branches this week, two rated Critical (CVSS 9.5) and two rated High, all affecting PA-Series and VM-Series firewalls. One CVE (CVE-2026-0300, Captive Portal RCE) has confirmed active exploitation in the wild with patches still pending for some branches. The combination of unauthenticated attack vectors, perimeter firewall positioning, and staggered patch availability creates a compounding risk window extending through late May 2026.