UPDATE: PAN-OS CVE-2026-0300 — first-wave patched builds released on 2026-05-13

UPDATE (originally covered 2026-05-12): Palo Alto Networks released the first wave of patched PAN-OS builds on 2026-05-13 for the actively-exploited Captive Portal pre-auth RCE, covering PAN-OS 10.2, 11.1, 11.2 and 12.1 (Palo Alto Networks PSIRT, last updated 2026-05-07; patch table confirmed 2026-05-13). Concretely: PAN-OS 12.1.4-h5 (2026-05-13) plus 12.1.7 (planned 2026-05-28); PAN-OS 11.2 multiple builds staged 2026-05-13–2026-05-28; PAN-OS 11.1 and 10.2 on a similar cadence. Prisma Access, Cloud NGFW and Panorama remain unaffected. Threat Prevention signature ID 510019 remains the interim control for any unpatched instance. The CISA KEV deadline of 2026-05-09 is — per the audience-applicability rule in the daily prompt — irrelevant for CH/EU jurisdiction; the operational driver is the active exploitation by CL-STA-1132 documented previously.