Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257
Hackers are actively exploiting the PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) on unpatched devices to gain unauthorized VPN access. Patches were released earlier in the month, and mitigations include disabling the authentication override feature or using a separate certificate. Rapid7 observed exploitation beginning May 17 across multiple customers, with forged cookies enabling access in some cases, while federal agencies were urged to mitigate by June 1 as CISA added the flaw to KEV.