Three PAN-OS CVEs this cycle share the same four affected version branches (10.2, 11.1, 11.2, 12.1), meaning a single unpatched firewall fleet carries exposure to authentication bypass on the management plane, authentication bypass on GlobalProtect VPN, and dataplane denial-of-service simultaneously. Two of the three flaws are unauthenticated and network-accessible, directly threatening perimeter control and remote access infrastructure.