Researchers are responding to CVE-2026-0257, an authentication-bypass flaw in Palo Alto Networks firewalls that was rapidly upgraded from medium to critical after active exploitation was confirmed. Attackers are using it to bypass security controls and establish VPN access, prompting urgent patching guidance from Palo Alto Networks and inclusion in CISA’s KEV catalog. #CVE-2026-0257 #PaloAltoNetworks #CISA #Rapid7
Keypoints
- CVE-2026-0257 enables remote attackers to bypass authentication on Palo Alto Networks firewalls.
- Rapid7 confirmed active exploitation in customer environments soon after disclosure.
- CISA added the flaw to its known exploited vulnerabilities catalog.
- The exploit can forge a valid authentication cookie using the appliance’s TLS certificate.
- Palo Alto Networks urged customers to patch immediately or apply mitigations.
Read More: https://cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/