Initial patches for CVE-2026-0300, the critical PAN-OS remote code execution flaw (CVSS 9.3) that has been actively exploited in the wild, became available on May 13, 2026. The patch rollout is staged and expected to complete through May 28; not all affected PAN-OS versions received fixes simultaneously. The vulnerability was previously flagged by CISA with a deadline that passed on May 9 when no patches were yet available. Organizations that have been waiting on vendor fixes should consult Palo Alto Networks' advisory to confirm whether their PAN-OS version is now covered and apply patches immediately given confirmed active exploitation. The Wiz research blog documenting in-the-wild exploitation remains the most detailed public technical reference. Any environment running internet-facing Palo Alto firewalls without patches applied should treat this as an emergency remediation item.