A critical PAN-OS vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is under active exploitation, bringing immediate focus to the company’s installed base and security response. The issue enables unauthenticated remote code execution through the User-ID Authentication Portal (Captive Portal), and the company has indicated software fixes are forthcoming starting May 13, 2026. (bleepingcomputer.com)

High-severity, in-the-wild exploitation events can trigger rapid customer action (emergency mitigation, patching, support engagement) and often increase attention on major platform vendors viewed as central to enterprise defense. The same-day catalyst is the active-exploitation reporting and patch timeline, not broad market drift or older analyst commentary. (bleepingcomputer.com)

Key swing factors are the pace of patch availability beginning May 13, whether additional indicators of compromise or scope details emerge, and whether the vendor updates guidance on affected configurations. Any expansion from “limited exploitation” to broader exploitation would likely be incremental news risk, while a clean patch rollout could help sentiment stabilize. (cyberscoop.com)