Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Summary
Palo Alto Networks has issued a warning that a critical authentication bypass flaw in its GlobalProtect VPN, identified as CVE-2026-0257, is actively being exploited by attackers to compromise corporate networks. The vulnerability allows unauthenticated attackers to bypass authentication and gain access to sensitive systems.
IFF Assessment
This vulnerability allows attackers to bypass authentication, posing a direct threat to organizational security and enabling unauthorized access to corporate networks.
Severity
The CVSS score is estimated to be high (9.0) due to the critical nature of an authentication bypass vulnerability (Attack Vector: Network, Privileges Required: None, User Interaction: None) that can lead to complete system compromise (Impact: High).
CISA KEV: Listed as actively exploited. Federal patch due: June 01, 2026. Known ransomware use: Unknown.
Defender Context
This highlights the immediate need for organizations using Palo Alto GlobalProtect VPN to apply the relevant patches and review their security posture. Defenders should be vigilant for any signs of compromise or unusual network activity, as attackers are actively leveraging this vulnerability for initial access.