Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257
Key Information:
- Vendor
Palo Alto Networks
- Vendor
- CVE Published:
- 13 May 2026
Badges
What is CVE-2026-0257?
CVE-2026-0257 is a significant vulnerability found in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect portal and gateway. This vulnerability facilitates an authentication bypass, allowing unauthorized users to establish a VPN connection without proper security credentials. The PAN-OS software is essential for managing network security and facilitating secure remote access for organizations. The exploitation of this vulnerability can lead to unauthorized access to sensitive internal networks, potentially exposing critical data and resources to malicious actors. By leveraging this flaw, attackers can bypass essential security mechanisms, undermining the overall integrity of the organizational security posture.
Potential impact of CVE-2026-0257
-
Unauthorized Network Access: Exploitation of this vulnerability enables attackers to gain unauthorized access to internal network resources, posing a severe risk to data confidentiality, integrity, and availability.
-
Data Breaches: Organizations face the threat of significant data breaches, as attackers can potentially access sensitive information, including personally identifiable information (PII), financial data, and proprietary assets.
-
Increased Security Risks: The ability to bypass established security protocols can lead to further vulnerabilities, as attackers may use this access to deploy additional malicious activities, including data exfiltration, deploying ransomware, or infiltrating deeper into the network.
CISA has reported CVE-2026-0257
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-0257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6
PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17
PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being
1 day ago
CISA Warns of Active Exploitation of Palo Alto Networks PAN-OS Vulnerability - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that threat actors are actively exploiting a critical vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2026-0257. The flaw, categorized as an authentication bypass issue, allows…Read more →
6 days ago
Palo Alto warns of active exploitation of GlobalProtect authentication bypass flaw - IT Security News
Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect. The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtec...
6 days ago
References
EPSS Score
52% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 💰
Used in Ransomware
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 🦅
CISA Reported
- 📰
First article discovered by It Security News
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved