Palo Alto Networks is warning that CVE-2026-0257 in PAN-OS GlobalProtect is being actively exploited to bypass authentication and attempt unauthorized VPN access on unpatched devices. Rapid7 and CISA have confirmed real-world attacks, with exploitation linked to forged authentication override cookies and affected organizations urged to patch or disable the feature immediately.
Key points
- Hackers are exploiting CVE-2026-0257 against PAN-OS GlobalProtect devices.
- The flaw can allow unauthorized VPN connections on unpatched systems.
- Rapid7 observed successful exploitation across numerous customers.
- Attackers used forged authentication override cookies to target local administrator access.
- Admins should patch immediately or disable authentication override and use separate certificates.