• Category: Security
  • Status: confirmed
  • Sources: Unit 42, Palo Alto advisory
  • Summary: Palo Alto Networks Unit 42 published a threat brief on continued active exploitation of CVE-2026-0257 (CVSS 9.1), an authentication bypass in the GlobalProtect portal and gateway that lets unauthenticated attackers circumvent controls and initiate VPN connections. Exploitation has run since 2026-05-17; the flaw is on the CISA KEV catalog. Patched PAN-OS versions are available; mitigation is to disable auth override cookies or use a dedicated certificate.
  • Why it matters: GlobalProtect is widely deployed remote-access infrastructure, and an unauthenticated bypass is a direct path into corporate networks.

Send feedback on this story