PAN-OS May 13 Three-CVE Disclosure Bundle

A detailed security advisory from Tailwind Resource Group on the three High-severity PAN-OS CVEs disclosed on May 13, 2026 — an IKEv2 PQC buffer overflow, a DNS Proxy/Server heap overflow with a PA-Series RCE outcome, and a Cloud Authentication Service authentication bypass that also affects Panorama. All three share patch lines — and the same hotfix also closes CVE-2026-0300, the actively-exploited May 5 RCE. One install per device is a four-CVE consolidated fix.

• Tailwind Triage Matrix

  All three CVEs sequenced by configuration prerequisite — why CAS bypass is the P0 (lowest attack complexity, only CVE in the bundle that hits Panorama), DNS is P0 on PA-Series, and PQC IKEv2 is P1.

• One Install Closes Four CVEs — Including the May 5 Active-Exploit

  Combined patch matrix for 10.2, 11.1, 11.2, and 12.1 showing the May 13 hotfix builds are the same builds that fix CVE-2026-0300. Customers carrying May 5 mitigations retire them in the same change. Includes the audit playbook for each configuration prerequisite and workaround sequencing for the May 28 wave.

• Expert Analysis

  Four PAN-OS pre-auth CVEs in eight days as a pattern, why CVE-2026-0300's active-exploit timeline pulled the consolidated May 13 train forward, the CAS bypass blast radius through Panorama, and the Hacktron AI external-researcher attribution in context of the 2026 disclosure cadence.