Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257

4.7MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0257?

The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN connections and compromising the integrity of network security. It is crucial for users of affected PAN-OS versions to apply necessary patches to mitigate this risk, as Panorama and Cloud NGFW products are not affected by these vulnerabilities.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

References

https://security.paloaltonetworks.com/CVE-2026-0257

vendor-advisory

CVSS V4

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0257 Data

JSON