Active Exploitation Targets PAN-OS VPN Flaw CVE-2026-0257

May 31, 2026 at 01:48 PM

•

1 min read

Active Exploitation Targets PAN-OS VPN Flaw CVE-2026-0257 — Photo: The Hacker News

TL;DR Summary

Palo Alto Networks warns that CVE-2026-0257, a medium-severity authentication bypass affecting PAN-OS/GlobalProtect, is being actively exploited in the wild to sidestep security controls and establish unauthorized VPN sessions. Rapid7 tracked two exploitation waves starting mid‑May 2026 (earliest May 17), with VPN IP assignments after cookie-based authentication in some cases. The U.S. CISA added the flaw to its Known Exploited Vulnerabilities list, mandating mitigations by June 1, 2026. Temporary mitigations include disabling the authentication override feature or issuing a new certificate for that feature, with urgent patching urged until updates are applied.

Topics:technology #cve-2026-0257 #cybersecurity #globalprotect #pan-os #security #vpn

Share this article

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation The Hacker News
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks BleepingComputer
Palo Alto Networks stock (US6974351057): Security flaw CVE-2026-0257 puts focus on PAN-OS and Prisma AD HOC NEWS
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild CyberSecurityNews
PAN-OS GlobalProtect Authentication Bypass Flaw Under Active Exploitation cyberpress.org

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 2 min read

Condensed

77%

392 → 91 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights