Security
Palo Alto Networks PAN-OS CVE-2026-0257 active exploitation detailed by Unit 42
- Category: Security
- Status: confirmed
- Sources: Unit 42, Palo Alto advisory
- Summary: Palo Alto Networks Unit 42 published a threat brief on continued active exploitation of CVE-2026-0257 (CVSS 9.1), an authentication bypass in the GlobalProtect portal and gateway that lets unauthenticated attackers circumvent controls and initiate VPN connections. Exploitation has run since 2026-05-17; the flaw is on the CISA KEV catalog. Patched PAN-OS versions are available; mitigation is to disable auth override cookies or use a dedicated certificate.
- Why it matters: GlobalProtect is widely deployed remote-access infrastructure, and an unauthenticated bypass is a direct path into corporate networks.