PAN-OS CVE-2026-0300 Patches Begin Rolling Out on May 13

Palo Alto Networks has started shipping patches for CVE-2026-0300, a critical unauthenticated remote code execution vulnerability in the PAN-OS User-ID Authentication Portal with a CVSS score of 9.3. The flaw is a buffer overflow granting root-level access to unauthenticated attackers; affected versions span PAN-OS 10.2, 11.1, 11.2, and 12.1. Initial patches are available as of May 13, with the full remediation rollout continuing through May 28. At least 67 instances were observed exposed on port 6081 during active exploitation. With patches now in hand, operators must prioritize immediate upgrade for any internet-facing PAN-OS appliances. CISA had already added CVE-2026-0300 to the Known Exploited Vulnerabilities catalog with a deadline that passed on May 9; the absence of patches at that time made compliance impossible. Now that fixes are shipping, the window for unpatched exposure is closing and continued delay materially elevates breach risk across network perimeter infrastructure.