Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257
Key Information:
- Vendor
Palo Alto Networks
- Vendor
- CVE Published:
- 13 May 2026
Badges
What is CVE-2026-0257?
CVE-2026-0257 is a significant vulnerability found in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect portal and gateway. This vulnerability facilitates an authentication bypass, allowing unauthorized users to establish a VPN connection without proper security credentials. The PAN-OS software is essential for managing network security and facilitating secure remote access for organizations. The exploitation of this vulnerability can lead to unauthorized access to sensitive internal networks, potentially exposing critical data and resources to malicious actors. By leveraging this flaw, attackers can bypass essential security mechanisms, undermining the overall integrity of the organizational security posture.
Potential impact of CVE-2026-0257
-
Unauthorized Network Access: Exploitation of this vulnerability enables attackers to gain unauthorized access to internal network resources, posing a severe risk to data confidentiality, integrity, and availability.
-
Data Breaches: Organizations face the threat of significant data breaches, as attackers can potentially access sensitive information, including personally identifiable information (PII), financial data, and proprietary assets.
-
Increased Security Risks: The ability to bypass established security protocols can lead to further vulnerabilities, as attackers may use this access to deploy additional malicious activities, including data exfiltration, deploying ransomware, or infiltrating deeper into the network.
CISA has reported CVE-2026-0257
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-0257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6
PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17
PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild - IT Security News
Palo Alto Networks Unit 42 has issued an urgent warning about active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of PAN-OS software. The flaw allows unauthenticated remote attackers to circumvent security con...
1 week ago
GlobalProtect Authentication Bypass Exploited in 4 Days
CVE-2026-0257 GlobalProtect authentication bypass hit active exploitation four days after disclosure. Two attack waves tracked, CISA KEV listed. Act now.
1 week ago
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw - IT Security News
Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication…Read more →
1 week ago
References
EPSS Score
86% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 💰
Used in Ransomware
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 🦅
CISA Reported
- 📰
First article discovered by It Security News
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved