Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Summary

Palo Alto Networks has reported that an unknown threat actor is actively exploiting a PAN-OS vulnerability, CVE-2026-0257. This authentication bypass flaw affects GlobalProtect portals and gateways, allowing unauthorized access.

IFF Assessment

FOE

The active exploitation of a vulnerability to gain unauthorized access to network devices poses a direct threat to defenders.

Severity

9.1 Critical

The CVSS score of 7.8 indicates a High severity vulnerability. The attack vector is likely Network, and the impact includes Confidentiality, Integrity, and Availability, stemming from an authentication bypass flaw.

CISA KEV: Listed as actively exploited. Federal patch due: June 01, 2026. Known ransomware use: Unknown.

Defender Context

This active exploitation highlights the critical need for organizations to promptly patch their PAN-OS systems, particularly those exposed via GlobalProtect. Defenders should monitor network traffic for signs of suspicious authentication attempts or unauthorized access to their VPN infrastructure.
