Palo Alto Networks disclosed three vulnerabilities this week across PAN-OS and GlobalProtect, all affecting the same four release branches (10.2, 11.1, 11.2, 12.1). The most critical — CVE-2026-0264 — allows unauthenticated RCE on PA-Series hardware firewalls via the DNS Proxy component, with patches not yet available for all affected branches at publication. The remaining two are medium-severity DoS and authentication bypass issues that compound perimeter risk when unpatched alongside CVE-2026-0264.