PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Summary

Palo Alto Networks has warned that a medium-severity authentication bypass vulnerability in PAN-OS and Prisma Access, tracked as CVE-2026-0257, is being actively exploited in the wild. Attackers can exploit this flaw to establish unauthorized VPN connections.

IFF Assessment

FOE

Active exploitation of an authentication bypass vulnerability poses a direct threat to defenders, because attackers can use it to gain unauthorized access.

Severity

9.1 Critical

The CVSS score of 7.8 indicates a high-severity vulnerability. An authentication bypass allows unauthorized access, which can lead to further compromise of the protected network.

CISA KEV: Listed as actively exploited. Federal patch due: June 01, 2026. Known ransomware use: Unknown.

Defender Context

This article highlights an actively exploited authentication bypass vulnerability in a widely used network security product. Defenders should prioritize patching affected PAN-OS and Prisma Access environments immediately and monitor for any signs of unauthorized VPN connections or suspicious network activity.
