Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Palo Alto Networks GlobalProtect portals and gateways are under active attack via CVE-2026-0257, a critical authentication-bypass vulnerability. Attackers can forge valid auth cookies using public TLS certificates and gain VPN access with a single HTTP request. All affected customers are at immediate risk of unauthorized network access.

CRITICALAdvisoryJun 02, 2026

Action required

Immediately identify all Palo Alto GlobalProtect instances in your environment. Patch to the latest fixed version or implement vendor mitigations without delay. Monitor VPN logs for suspicious authentication patterns and single-request connection attempts.

Affected products

Palo Alto NetworksPAN-OSGlobalProtectRapid7CISA

CVE IDs

CVE-2026-0257

Linked articles

Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Source links

https://cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/