Tag

Cve 2026 0257

All articles tagged with #cve 2026 0257

security3 hours ago•2 min saved

Active Exploitation Targets PAN-OS VPN Flaw CVE-2026-0257

Palo Alto Networks warns that CVE-2026-0257, a medium-severity authentication bypass affecting PAN-OS/GlobalProtect, is being actively exploited in the wild to sidestep security controls and establish unauthorized VPN sessions. Rapid7 tracked two exploitation waves starting mid‑May 2026 (earliest May 17), with VPN IP assignments after cookie-based authentication in some cases. The U.S. CISA added the flaw to its Known Exploited Vulnerabilities list, mandating mitigations by June 1, 2026. Temporary mitigations include disabling the authentication override feature or issuing a new certificate for that feature, with urgent patching urged until updates are applied.

via The Hacker News|

#cve-2026-0257 #cybersecurity #globalprotect

security6 hours ago•4 min saved

Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257

Hackers are actively exploiting the PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) on unpatched devices to gain unauthorized VPN access. Patches were released earlier in the month, and mitigations include disabling the authentication override feature or using a separate certificate. Rapid7 observed exploitation beginning May 17 across multiple customers, with forged cookies enabling access in some cases, while federal agencies were urged to mitigate by June 1 as CISA added the flaw to KEV.

via BleepingComputer|

#authentication-override-cookies #cve-2026-0257 #globalprotect