Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks disclosed active exploitation of CVE-2026-0257, an authentication bypass flaw in PAN-OS GlobalProtect.

• •CVE-2026-0257 (CVSS 7.8) affects PAN-OS portal and gateway components, allowing unauthorized VPN connections
• •Exploitation began May 17, 2026, with limited attacks successfully establishing VPN sessions
• •Threat actors bypassed authentication controls without detecting post-access behavior or lateral movement
• •Palo Alto published IoCs including IP addresses, hostnames, and specific client configuration values for detection
• •CISA added the vulnerability to KEV catalog with a June 1, 2026 remediation deadline for federal agencies

This summary was automatically generated by AI based on the original article and may not be fully accurate.