CISA added CVE-2026-0300 — a root-level remote code execution flaw in Palo Alto PAN-OS that is actively exploited — to its Known Exploited Vulnerabilities catalog on May 6 with a binding operational directive deadline of May 9 for all FCEB agencies. As of the deadline date, Palo Alto has not yet released a patch; the vendor's fix is scheduled for May 13. Agencies and operators unable to patch must apply available compensating controls or isolate affected devices.