Palo Alto Networks Warns of Active Exploitation of GlobalProtect Authentication Bypass Flaw

Palo Alto Networks has warned customers that attackers are actively exploiting CVE-2026-0257, a high-severity authentication bypass vulnerability affecting the GlobalProtect portal and gateway in PAN-OS. The flaw allows threat actors to bypass authentication controls and potentially establish unauthorized VPN connections, prompting the company to raise its severity rating following observed exploitation attempts on unpatched systems. Researchers at Rapid7 reported two waves of attacks beginning in May and observed successful use of forged authentication cookies, with some incidents resulting in access to internal networks. Organizations are urged to apply available patches immediately or implement mitigations, while CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and mandated remediation for federal agencies.

Reference: infosecurity-magazine.com