PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

2026-05-30

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Palo Alto Networks PAN-OS and Prisma Access suffer from an authentication bypass vulnerability (CVE-2026-0257, CVSS 7.8) that is currently under active exploitation in the wild.

•The vulnerability affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and specific certificate configurations exist
•Rapid7 identified successful exploitation attempts starting from May 17, 2026, with a second wave on May 21, assessed to be from the same threat actor
•In some cases, attackers established VPN connections and gained access to internal networks after bypassing authentication
•Temporary mitigations include disabling the authentication override feature or generating a new certificate for the authentication override feature
•

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues