Palo Alto Networks has warned that a critical remote code execution flaw in its PAN-OS firewall software — tracked as CVE-2026-0300 with a CVSS score of 9.3 — is being actively exploited by attackers, requiring no authentication to trigger against internet-facing management portals.