PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html

Publish Date: 2026-05-30 02:41:00

Source Domain: thehackernews.com

Summary

Palo Alto Networks has issued a strong warning about a recently disclosed medium-severity vulnerability, CVE-2026-0257, affecting PAN-OS and Prisma Access. The flaw is an authentication bypass that could let attackers establish unauthorized VPN connections. According to Palo Alto Networks, it can be exploited on devices with a GlobalProtect portal or gateway configured, particularly when authentication override cookies are enabled and specific certificate configurations are in place. Rapid7 has identified successful exploitation attempts by the same threat actor, leading to unauthorized access to internal networks. Organizations running these VPN appliances are urged to act immediately, either by upgrading to the available patches or by applying temporary mitigations such as disabling the authentication override feature or generating a new restrictive certificate. The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-0257 to its catalog of known exploited vulnerabilities, mandating immediate mitigations by FCEB agencies.

Key Points:

  • Authentication bypass vulnerability CVE-2026-0257 affecting PAN-OS and Prisma Access allows unauthorized VPN access.
  • Palo Alto Networks and Rapid7 both warn of ongoing exploitation attempts by the same threat actor.
  • The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-0257 to its catalog of exploited vulnerabilities, ordering mitigations by FCEB agencies.
  • Temporary fixes include disabling the authentication override feature or using a new certificate exclusively for this purpose.
  • Immediate patching or applying the suggested temporary mitigation is urgently needed to prevent exploitation.