Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

🔥 Trending now📈 Trended📈 Score: 9,710💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 52%🦅 CISA Reported📰 News Worthy

What is CVE-2026-0257?

CVE-2026-0257 is a significant vulnerability found in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect portal and gateway. This vulnerability facilitates an authentication bypass, allowing unauthorized users to establish a VPN connection without proper security credentials. The PAN-OS software is essential for managing network security and facilitating secure remote access for organizations. The exploitation of this vulnerability can lead to unauthorized access to sensitive internal networks, potentially exposing critical data and resources to malicious actors. By leveraging this flaw, attackers can bypass essential security mechanisms, undermining the overall integrity of the organizational security posture.

Potential impact of CVE-2026-0257

Unauthorized Network Access: Exploitation of this vulnerability enables attackers to gain unauthorized access to internal network resources, posing a severe risk to data confidentiality, integrity, and availability.
Data Breaches: Organizations face the threat of significant data breaches, as attackers can potentially access sensitive information, including personally identifiable information (PII), financial data, and proprietary assets.
Increased Security Risks: The ability to bypass established security protocols can lead to further vulnerabilities, as attackers may use this access to deploy additional malicious activities, including data exfiltration, deploying ransomware, or infiltrating deeper into the network.

CISA has reported CVE-2026-0257

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-0257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-0257
Created by sfewer-r7

CVE-2026-0257
Created by tushargurav28

CVE-2026-0257
Created by Mr-Robot-LP

News Articles

Help Net Security

CVE-2026-41089 CVE-2026-0257

Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being

1 day ago

It Security News

CVE-2026-0257

CISA Warns of Active Exploitation of Palo Alto Networks PAN-OS Vulnerability - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that threat actors are actively exploiting a critical vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2026-0257. The flaw, categorized as an authentication bypass issue, allows…Read more →

6 days ago

It Security News

CVE-2026-0257

Palo Alto warns of active exploitation of GlobalProtect authentication bypass flaw - IT Security News

Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect. The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtec...

6 days ago

References

https://security.paloaltonetworks.com/CVE-2026-0257

vendor-advisory

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V4

Score:

7.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
May 31, 2026
📈
Vulnerability started trending
May 30, 2026
🟡
Public PoC available
May 29, 2026
🦅
CISA Reported
May 29, 2026
📰
First article discovered by It Security News
May 29, 2026
👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0257 Data

JSON