Threat actors began exploiting CVE-2026-0257 in Palo Alto Networks PAN-OS just four days after it was publicly disclosed, using forged cookies to bypass authentication on GlobalProtect portal and gateway devices. Rapid7 and CISA reported active exploitation, while Palo Alto Networks issued fixes and urged organizations to patch affected PAN-OS and Prisma Access versions immediately. #CVE-2026-0257 #PaloAltoNetworks #PAN-OS #GlobalProtect #CISA #Rapid7
Keypoints
- Threat actors exploited CVE-2026-0257 shortly after public disclosure.
- The flaw bypasses authentication in GlobalProtect portal and gateway components.
- Rapid7 observed forged cookie attacks across multiple customer environments.
- CISA added the vulnerability to its Known Exploited Vulnerabilities catalog.
- Palo Alto Networks released patches for PAN-OS and Prisma Access versions.
Read More: https://www.securityweek.com/recent-palo-alto-networks-vulnerability-exploited-for-weeks/