Attackers exploit Palo Alto GlobalProtect flaw days after disclosure
Summary
Attackers are actively exploiting a Palo Alto Networks GlobalProtect vulnerability, tracked as CVE-2026-0257, to gain unauthorized VPN access to corporate networks. The flaw, which allows authentication bypass without credentials, was initially disclosed as medium severity but was quickly escalated to high urgency by Palo Alto Networks due to observed exploitation.
IFF Assessment
This vulnerability allows attackers to bypass authentication and gain unauthorized VPN access, posing a direct threat to network security.
Severity
The CVSS score of 7.8, as updated by Palo Alto Networks, reflects the vulnerability's potential for significant impact, allowing for unauthorized VPN access and authentication bypass.
CISA KEV: Listed as actively exploited. Federal patch due: June 01, 2026. Known ransomware use: Unknown.
Defender Context
This incident highlights the critical need for prompt patching and diligent monitoring of remote access VPN solutions. Defenders should be particularly wary of credential-less authentication bypass flaws, as they can be exploited rapidly after disclosure without requiring prior compromise of user credentials.