PAN-OS GlobalProtect (CVE-2026-0257): Authentication Bypass and Active Exploitation

Colleagues—please note: active exploitation of PAN-OS GlobalProtect (CVE-2026-0257) has been observed.
- Palo Alto Networks confirms an authentication bypass via the GlobalProtect portal/gateway when authentication override cookies are enabled and a specific certificate configuration is present.
- Rapid7 recorded successful exploitation attempts on 17 and 21 May; in some cases attackers obtained VPN IP addresses and access to internal networks.
- Recommendations: urgently apply the vendor patch; as a temporary measure, disable authentication override or issue a dedicated certificate for this feature.
Why it matters: a VPN-gateway authentication bypass enables attackers to reach internal resources.
How are you planning to respond in your network?
#cybersecurity #VPN #PaloAlto #vulnerabilities

