Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

🥇 Trended No. 1📈 Trended📈 Score: 9,710💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 86%🦅 CISA Reported📰 News Worthy

What is CVE-2026-0257?

CVE-2026-0257 is a significant vulnerability found in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect portal and gateway. This vulnerability facilitates an authentication bypass, allowing unauthorized users to establish a VPN connection without proper security credentials. The PAN-OS software is essential for managing network security and facilitating secure remote access for organizations. The exploitation of this vulnerability can lead to unauthorized access to sensitive internal networks, potentially exposing critical data and resources to malicious actors. By leveraging this flaw, attackers can bypass essential security mechanisms, undermining the overall integrity of the organizational security posture.

Potential impact of CVE-2026-0257

Unauthorized Network Access: Exploitation of this vulnerability enables attackers to gain unauthorized access to internal network resources, posing a severe risk to data confidentiality, integrity, and availability.
Data Breaches: Organizations face the threat of significant data breaches, as attackers can potentially access sensitive information, including personally identifiable information (PII), financial data, and proprietary assets.
Increased Security Risks: The ability to bypass established security protocols can lead to further vulnerabilities, as attackers may use this access to deploy additional malicious activities, including data exfiltration, deploying ransomware, or infiltrating deeper into the network.

CISA has reported CVE-2026-0257

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-0257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-0257
Created by sfewer-r7

CVE-2026-0257
Created by tushargurav28

CVE-2026-0257
Created by Mr-Robot-LP

News Articles

It Security News

CVE-2026-0257

Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild - IT Security News

Palo Alto Networks Unit 42 has issued an urgent warning about active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of PAN-OS software. The flaw allows unauthenticated remote attackers to circumvent security con...

1 week ago

Latesthackingnews

CVE-2026-0257

GlobalProtect Authentication Bypass Exploited in 4 Days

CVE-2026-0257 GlobalProtect authentication bypass hit active exploitation four days after disclosure. Two attack waves tracked, CISA KEV listed. Act now.

1 week ago

It Security News

CVE-2026-0257

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw - IT Security News

Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication…Read more →

1 week ago

References

https://security.paloaltonetworks.com/CVE-2026-0257

vendor-advisory

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V4

Score:

7.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🥇
Vulnerability reached the number 1 worldwide trending spot
Jun 20, 2026
💰
Used in Ransomware
May 31, 2026
📈
Vulnerability started trending
May 30, 2026
🟡
Public PoC available
May 29, 2026
🦅
CISA Reported
May 29, 2026
📰
First article discovered by It Security News
May 29, 2026
👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0257 Data

JSON