Active Exploitation of Authentication Bypass Vulnerability in Palo Alto Network's PAN-OS GlobalProtect

Successful exploitation of CVE‑2026‑0257 allows unauthenticated attackers to establish unauthorised VPN connections via affected PAN‑OS GlobalProtect deployments.

Threat ID:: CC-4790
Threat Severity:: Medium
Published:: 1 June 2026 1:30 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation of CVE‑2026‑0257 allows unauthenticated attackers to establish unauthorised VPN connections via affected PAN‑OS GlobalProtect deployments.

Affected platforms

The following platforms are known to be affected:

Palo Alto Networks PAN-OS

PAN‑OS version12.1

Prior to 12.1.4-h6
Prior to 12.1.7

PAN-OS version 11.2

Prior to 11.2.4-h17
Prior to 11.2.7-h14
Prior to 11.2.10-h7
Prior to 11.2.12

PAN-OS version 11.1

Prior to 11.1.4-h33
Prior to 11.1.6-h32
Prior to 11.1.7-h6
Prior to 11.1.10-h25
Prior to 11.1.13-h5
Prior to 11.1.15

PAN-OS version 10.2

Prior to 10.2.7-h34
Prior to 10.2.10-h36
Prior to 10.2.13-h21
Prior to 10.2.16-h7
Prior to 10.2.18-h6

Prisma Access version 11.2.0

Prior to 11.2.7-h13

Prisma Access version 10.2.0

Prior to 10.2.10-h36

Note: Panorama and Cloud NGFW are not impacted by these issues.

Threat details

Active Exploitation of CVE-2026-0257

Palo Alto Networks and security researchers are reporting active exploitation of CVE-2026-0257 in the wild, and the US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.

The NHS England National CSOC assesses further exploitation as almost certain.

Introduction

Palo Alto Networks has released a security advisory to address a high severity vulnerability in PAN‑OS when authentication override cookies are enabled and a specific certificate configuration exists. Successful exploitation could allow a remote, unauthenticated attacker to bypass authentication controls and gain unauthorised VPN access to internal networks.

CVE‑2026‑0257 – 'Authentication Bypass' vulnerability – CVSSv4 Score: 7.8

Remediation advice

Affected organisations are encouraged to review the Palo Alto Networks advisory CVE‑2026‑0257 PAN‑OS: GlobalProtect Authentication Bypass Vulnerabilities and apply the relevant update as soon as possible.

Definitive source of threat updates

https://security.paloaltonetworks.com/CVE-2026-0257

CVE Vulnerabilities

Status Published

CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Last edited: 1 June 2026 1:30 pm