a critical zero-day in palo alto networks pan-os firewalls — cve-2026-0300 — allows unauthenticated remote code execution as root and has been actively exploited since april 2026, two months before public disclosure. a separate cvss 10.0 flaw in the n8n workflow automation platform allows full system compromise via unauthenticated form webhooks. two simultaneous maximum-severity vulnerabilities in perimeter and automation infrastructure, with a months-long exploitation window already elapsed, is an unusually dense critical-risk moment for network defenders.