Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257

May 31, 2026 at 10:41 AM

•

1 min read

Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257 — Photo: BleepingComputer

TL;DR Summary

Hackers are actively exploiting the PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) on unpatched devices to gain unauthorized VPN access. Patches were released earlier in the month, and mitigations include disabling the authentication override feature or using a separate certificate. Rapid7 observed exploitation beginning May 17 across multiple customers, with forged cookies enabling access in some cases, while federal agencies were urged to mitigate by June 1 as CISA added the flaw to KEV.

Topics:technology #authentication-override-cookies #cve-2026-0257 #globalprotect #pan-os #security #vpn-exploitation

Share this article

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks BleepingComputer
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation The Hacker News
Palo Alto Networks stock (US6974351057): Security flaw CVE-2026-0257 puts focus on PAN-OS and Prisma AD HOC NEWS
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild CyberSecurityNews
PAN-OS GlobalProtect Authentication Bypass Flaw Under Active Exploitation cyberpress.org

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

91%

843 → 72 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights