[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTbgzdRiLsOQxE4BIls1iDqbbJnnASCUzDlDvivOXAjM":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"e50164e9-c8e7-461a-a65a-a9b055ac31a6","PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation","pan-os-globalprotect-authentication-bypass-cve-2026-0257-under-active-exploitati-84667f","Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. \"Authentication bypass vulnerabilities in the","Palo Alto Networks warned that CVE-2026-0257, a medium-severity authentication bypass in PAN-OS and Prisma Access, is being actively exploited. The vulnerability allows attackers to establish unauthorized VPN connections. CISA added the CVE to its KEV catalog, requiring federal agencies to mitigate it by June 1, 2026.","CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, is under active exploitation.","PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation. Ravie Lakshmanan, May 30, 2026. Vulnerability \u002F Network Security. Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. 
\"Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection,\" Palo Alto Networks said in an advisory released on May 13, 2026. The issue specifically affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists, the network security company said. In an update to its advisory on May 29, 2026, Palo Alto Networks said it has \"become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied.\" The development comes after Rapid7 revealed it identified successful exploitation across numerous customers, with the earliest efforts dating back to May 17, 2026, followed by a second wave on May 21. Both exploitation sets are assessed to be the work of the same threat actor. The activity observed in the second wave involved VPN IP assignment following the cookie authentication in two cases, granting the attacker access to the internal network. No follow-on activity was observed in the customer environments where a VPN session was established, the cybersecurity vendor added. \"An authentication bypass in an edge facing enterprise VPN appliance can have significant impact to affected organizations,\" Rapid7 said. \"As such, organizations running affected appliances are urged to upgrade to a vendor supplied patch on an urgent basis.\" As temporary mitigations, it's recommended to either disable the authentication override feature or generate a new certificate to use exclusively for the authentication override feature. 
The exploitation of CVE-2026-0257 follows a report from Arctic Wolf about the continued weaponization of a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments (CVE-2026-35616, CVSS score: 9.1) to deliver credential-stealing malware called EKZ Infostealer. Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to mitigate the flaw by June 1, 2026.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fpan-os-globalprotect-authentication.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgkaW0i4ALAlpWQ_cOjfhoqUlNgMlZysJA6ay0qPViGI_KxEEG-Hh0KdtWLqBXDH42ZBGSONs0ZJuzOqdRF7vbx6Xa9J8HlP60lY45JHy0ivdRQs0exe4wZT2lI3TW4oDO-XXPVz2pek2M3izLqT3ONwq2iuHPN31ZZvK3jl0zIDq_h5XF1CTRk7fUPzjEQ\u002Fs1600\u002Fpanos.jpg","2026-05-30T06:41:26+00:00","2026-05-30T08:00:25.969966+00:00",9,[18,21,24,26,28,30],{"name":19,"type":20},"Palo Alto Networks","vendor",{"name":22,"type":23},"PAN-OS","product",{"name":25,"type":23},"Prisma Access",{"name":27,"type":20},"Rapid7",{"name":29,"type":20},"Arctic Wolf",{"name":31,"type":23},"FortiClient Endpoint Management Server","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":32,"icon":34,"name":35,"slug":36},null,"Vulnerabilities","vulnerabilities",[38,43,48,50],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":49},{"id":32,"icon":34,"name":35,"slug":36},{"category":51},{"id":52,"icon":34,"name":53,"slug":54},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[56,60],{"type":57,"value":58,"context":59},"cve","CVE-2026-0257","PAN-OS GlobalProtect Authentication Bypass",{"type":57,"value":61,"context":62},"CVE-2026-35616","FortiClient EMS vulnerability used to deliver EKZ Infostealer"]