CVE-2026-0257: Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security…

CVE-2026-0257 [HIGH] CWE-565 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability Vulnerability: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability Affected: Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Notes: https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257 Remediation Due Date: 2026-06-01

CVE-2026-0257 [MEDIUM] CWE-565 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues. Affected products: Cloud NGFW, PAN-OS, Prisma Access Solution: VERSION MINOR VERSION SUGGESTED SOLUTION Cloud NGFW All No action needed. PAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later. 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h6 or 12.1.7 or later. PAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later. 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h7 or 11.2.12 or later. 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h14 or 11.2.12 or later. 11.

CVE-2026-0257 [MEDIUM] CWE-565 GHSA-jqxw-84hx-6qj5: Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass sec Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CVE-2026-0257 [MEDIUM] Palo Alto Cloud NGFW/PAN-OS/Prisma Access GlobalProtect Portal cookie validation (EUVD-2026-30104) A vulnerability described as critical has been identified in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. This affects an unknown part of the component GlobalProtect Portal. Such manipulation leads to cookies without validation. This vulnerability is uniquely identified as CVE-2026-0257. The attack can be launched remotely. No exploit exists.

CVE-2026-0257 [HIGH] CWE-565 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability Palo Alto Networks PAN-OS Authentication Bypass Vulnerability Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection. Affected: Palo Alto Networks PAN-OS Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/ Remediation Due: 2026-06-01

CVE-2026-0257 How the “Swiss Cheese” model can help you choose the right MDR provider Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact your business can be even harder. For instance, you may come across an MDR provider whose pricing is based on how much data you ingest rather than the number of assets you protect. Ingestion-based solutions have the potential to be more cost effective if you're selective about what security telemetry you ingest – but then who analyzes the impact of the logs you're leaving out until they're needed? Or, consider an MDR solution that's more EDR with just a few additional log sources. For some organizations this is a perfectly optimal fit. But, how often are logging blind spots reviewed and accepted as a risk? In my e

CVE-2026-0257 [HIGH] ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought 'curl | sh' had a personality. The vibe is simple: old bugs, new wrappers, faster abuse. Patch the obvious crap first. Then read the rest. ## ⚡ Threat of the Week PAN-OS GlobalProtect Authenticati

CVE-2026-48131 1st June – Threat Intelligence Report Latest Publications CPR Podcast Channel AI Research Web 3.0 Security Intelligence Reports ThreatCloud AI Threat Intelligence & Research Zero Day Protection Sandblast File Analysis About Us SUBSCRIBE 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 ## 1st June – Threat Intelligence Report For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Carnival Corporation, a global cruise line operator, has confirmed a data breach affecting nearly 6 million people after attackers used social engineering to compromise an employee account. Exposed information may include names, contact details, dates of birth, and government identification numbers. Charter Communications, a US t

CVE-2026-0257 [HIGH] Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks ## Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks ## Lawrence Abrams Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be used to establish unauthorized VPN connections on the device. "GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection," reads Palo Alto's advisory . The flaw received a Medium severity rating because it requires devices to be configured with authentication override cookies enabled and a specific certificate con

CVE-2026-0257 [HIGH] PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN conn

CVE-2026-0257 [HIGH] Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257) ## Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance. Rapid7 MDR identified successful exploitation across numerous customers, however we did not observe any indication of successful lateral movement from the devices. The earliest date for observed exploitation was May 17, 2026. As of May 29, 2026, this vulnerability has been added to the CISA KEV. While the assigned CVSSv4 score indicates a medium severity, due to the circumstances surroundin