Palo Alto Networks says an unknown threat actor is actively exploiting CVE-2026-0257 in PAN-OS to gain unauthorized access to GlobalProtect portals and initiate VPN connections. The company has shared IoCs and urged customers to check for suspicious gateway-connected events, while CISA has already added the flaw to its KEV catalog. #CVE-2026-0257 #PAN-OS #GlobalProtect #PaloAltoNetworks #CISA
Keypoints
- Palo Alto Networks detected active exploitation of CVE-2026-0257.
- The flaw is an authentication bypass in PAN-OS portal and gateway components.
- Attackers can abuse it to bypass controls and establish VPN sessions.
- Only limited attacks have been observed, with no post-access movement identified.
- Palo Alto Networks and CISA have issued guidance and mitigation deadlines.
Read More: https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html