PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
What’s new
A medium-severity vulnerability in PAN-OS and Prisma Access, tracked as CVE-2026-0257 (CVSS score: 7.8), allows authentication bypass in the GlobalProtect portal and gateway, enabling unauthorized VPN connections. Active exploitation has been reported since May 17, 2026.
Who’s affected
Organizations using PAN-OS with GlobalProtect portal or gateway configured and authentication override cookies enabled are at risk. Exploitation attempts have been observed on unpatched devices.
What to do
- Upgrade to the latest vendor-supplied patch immediately.
- As a temporary measure, disable the authentication override feature or generate a new certificate for its exclusive use.



