CVE-2026-0265
published 2026-05-13CVE-2026-0265: An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication…
PriorityP355high7.2CVSS 4.0
AVNACLATPPRNUINVCHVIHVAHSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUNRUVDREMURed
EPSS
0.44%
35.2th percentile
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 | 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 | 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 |
| palo_alto_networks | pan-os | >= 12.1.0 < 12.1.7, 12.1.4-h5 | 12.1.7, 12.1.4-h5 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access Management Interface signature verification (EUVD-2026-30066)
vuldb·2026-05-13·CVSS 7.2
CVE-2026-0265 [HIGH] Palo Alto Cloud NGFW/PAN-OS/Prisma Access Management Interface signature verification (EUVD-2026-30066)
A vulnerability marked as critical has been reported in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. Affected by this issue is some unknown functionality of the component Management Interface. This manipulation causes improper verification of cryptographic signature.
This vulnerability is handled as CVE-2026-0265. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-qcp7-r34x-6gv6: An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authen
ghsa_unreviewed·2026-05-13
CVE-2026-0265 [HIGH] CWE-347 GHSA-qcp7-r34x-6gv6: An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authen
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual a
Palo Alto
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
vendor_paloalto·CVSS 7.2
CVE-2026-0265 [HIGH] CWE-347 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to
No detection rules found.
No public exploits indexed.
Rapid7
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
blogs_rapid7·2026-06-08·CVSS 8.6
CVE-2026-50751 [HIGH] Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
## Overview
On June 8, 2026, Check Point published a security advisory for CVE-2026-50751 , a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol where gateways accept legacy Remote Access clients and do not require a machine certificate for connections.
CVE-2026-50751, classified as improper authentication ( CWE-287 ), has a CVSS score of 9.3. The vulnerability stems from a logic flow weakness in how Remote Access and Mobile Access components validate certificates during IKEv1 key exchange; successful exploitation allows an unauthenticated attacker to establish a VPN session without providing valid credentials. P
Rapid7
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
blogs_rapid7·2026-05-29·CVSS 7.8
CVE-2026-0257 [HIGH] Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
## Overview
On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance.
Rapid7 MDR identified successful exploitation across numerous customers, however we did not observe any indication of successful lateral movement from the devices. The earliest date for observed exploitation was May 17, 2026. As of May 29, 2026, this vulnerability has been added to the CISA KEV.
While the assigned CVSSv4 score indicates a medium severity, due to the circumstances surroundin
Rapid7
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
blogs_rapid7·2026-05-14·CVSS 7.2
CVE-2026-0265 [HIGH] CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
## Overview
On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265 , a signature verification vulnerability that facilitates authentication bypass on PAN-OS , the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface; the vulnerable configuration is non-default but common. CVE-2026-0265 affects PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series) appliances. Cloud NGFW and Prisma Access are not affected.
Palo Alto Networks assigned CVE-2026-0265 a “High” 7.2 CVSS score. The advisory states that the vulnerability’s severity scoring
2026-05-13
Published