Palo Alto Networks says CVE-2026-0257 in PAN-OS and Prisma Access is being actively exploited, allowing attackers to bypass authentication and establish unauthorized VPN connections through GlobalProtect. Rapid7 observed successful exploitation in multiple customer environments, and Palo Alto Networks urges urgent patching or temporary mitigations such as disabling authentication override or using a dedicated certificate. #CVE-2026-0257 #PAN-OS #PrismaAccess #GlobalProtect #PaloAltoNetworks #Rapid7
Keypoints
- CVE-2026-0257 is an authentication bypass flaw in Palo Alto Networks PAN-OS and Prisma Access.
- The bug can let attackers create unauthorized VPN connections through GlobalProtect.
- Palo Alto Networks has confirmed limited exploit attempts against unpatched devices.
- Rapid7 observed successful exploitation in multiple customer environments in May 2026.
- Recommended defenses include urgent patching, disabling authentication override, or using a dedicated certificate.
Read More: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html