Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2026-0257

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

🔥 Trending now📈 Trended📈 Score: 7,670💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 36%🦅 CISA Reported📰 News Worthy

What is CVE-2026-0257?

CVE-2026-0257 is a significant vulnerability found in Palo Alto Networks' PAN-OS software, specifically affecting the GlobalProtect portal and gateway. This vulnerability facilitates an authentication bypass, allowing unauthorized users to establish a VPN connection without proper security credentials. The PAN-OS software is essential for managing network security and facilitating secure remote access for organizations. The exploitation of this vulnerability can lead to unauthorized access to sensitive internal networks, potentially exposing critical data and resources to malicious actors. By leveraging this flaw, attackers can bypass essential security mechanisms, undermining the overall integrity of the organizational security posture.

Potential impact of CVE-2026-0257

Unauthorized Network Access: Exploitation of this vulnerability enables attackers to gain unauthorized access to internal network resources, posing a severe risk to data confidentiality, integrity, and availability.
Data Breaches: Organizations face the threat of significant data breaches, as attackers can potentially access sensitive information, including personally identifiable information (PII), financial data, and proprietary assets.
Increased Security Risks: The ability to bypass established security protocols can lead to further vulnerabilities, as attackers may use this access to deploy additional malicious activities, including data exfiltration, deploying ransomware, or infiltrating deeper into the network.

CISA has reported CVE-2026-0257

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-0257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

This is an advertDeploy the Patch

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h6

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-0257
Created by sfewer-r7

CVE-2026-0257
Created by Mr-Robot-LP

CVE-2026-0257
Created by HORKimhab

News Articles

Dark Reading

CVE-2026-0257

Patch Now: Palo Alto Auth Bypass Bug Under Active Exploit

Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started mid-May.

1 day ago

theregister

CVE-2026-0257

Palo Alto VPN bug graduates from advisory to active exploitation

Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users

1 day ago

It Security News

CVE-2026-0257

Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257) - IT Security News

Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentication probes using forged cookies, but the ap...

2 days ago

References

https://security.paloaltonetworks.com/CVE-2026-0257

vendor-advisory

EPSS Score

36% chance of being exploited in the next 30 days.

CVSS V4

Score:

7.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
May 31, 2026
📈
Vulnerability started trending
May 30, 2026
🟡
Public PoC available
May 29, 2026
🦅
CISA Reported
May 29, 2026
📰
First article discovered by It Security News
May 29, 2026
👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0257 Data

JSON

Palo Alto Networks

Badges

What is CVE-2026-0257?

Potential impact of CVE-2026-0257

CISA has reported CVE-2026-0257

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

News Articles

Patch Now: Palo Alto Auth Bypass Bug Under Active Exploit

Palo Alto VPN bug graduates from advisory to active exploitation

Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257) - IT Security News

References

EPSS Score

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.