
Active Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Palo Alto Networks has confirmed active exploitation of a medium-severity authentication bypass vulnerability identified as CVE-2026-0257, affecting PAN-OS and Prisma Access. This flaw permits attackers to bypass authentication controls and establish unauthorized VPN connections, posing risks to affected organizations' network security.

What happened

Palo Alto Networks disclosed a medium-severity vulnerability, CVE-2026-0257, in its PAN-OS and Prisma Access platforms. The flaw allows attackers to bypass authentication mechanisms and establish VPN connections without proper credentials. The company has reported active exploitation of this vulnerability in the wild, indicating that threat actors are leveraging this weakness to infiltrate targeted networks.

This authentication bypass impacts the GlobalProtect VPN functionality, enabling unauthorized access through the affected systems. The company has issued guidance and alerts to customers following the discovery of active exploitation attempts.

Why it matters

The ability to bypass authentication and establish unauthorized VPN connections undermines perimeter defenses and grants attackers potential persistent access to internal networks. Since GlobalProtect is widely used for secure remote access, exploitation of this vulnerability could lead to compromised systems, data exposure, or lateral movement within corporate environments.

Active exploitation signals that adversaries are already attempting to abuse this flaw, increasing the urgency for affected organizations to respond promptly. The CVSS score of 7.8 classifies the issue as a significant security concern requiring immediate attention.

What security teams should do

Security teams should prioritize reviewing deployments of PAN-OS and Prisma Access, especially configurations involving the GlobalProtect VPN. Applying vendor-provided security patches or updates that address CVE-2026-0257 is critical to mitigate exploitation risks.

In addition to patching, monitoring VPN access logs for anomalous connection attempts and unusual authentication patterns may help detect ongoing exploitation. Conducting a post-incident review to identify possible unauthorized access during the vulnerability window is advisable.
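One way to run the log review described above, as an added example that is not from the article or from Palo Alto Networks: it flags VPN connection events that have no recent successful authentication for the same user and source IP. The CSV layout, the `auth`/`connected` event names, the five-minute window and the sample records are all assumptions constructed for illustration, not the PAN-OS log schema.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample records in a simplified, hypothetical CSV layout
# (time, event, status, user, src_ip); map these columns to your own export.
SAMPLE_LOG = """\
2026-05-20T08:00:01Z,auth,success,alice,198.51.100.10
2026-05-20T08:00:03Z,connected,success,alice,198.51.100.10
2026-05-20T09:15:40Z,connected,success,bob,203.0.113.77
2026-05-20T10:02:11Z,auth,failure,carol,203.0.113.90
2026-05-20T10:02:15Z,connected,success,carol,203.0.113.90
2026-05-20T11:30:00Z,auth,success,dave,198.51.100.25
2026-05-20T12:45:00Z,connected,success,dave,198.51.100.25
"""


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_unauthenticated_sessions(log_text, window=timedelta(minutes=5)):
    """Return connected events that lack a successful auth for the same
    user and source IP within `window` before the connection."""
    last_auth = {}  # (user, src_ip) -> time of the latest successful auth
    findings = []
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    rows.sort(key=lambda r: parse_time(r[0]))  # exports are not always ordered
    for ts, event, status, user, src_ip in rows:
        when = parse_time(ts)
        key = (user, src_ip)
        if event == "auth" and status == "success":
            last_auth[key] = when
        elif event == "connected" and status == "success":
            seen = last_auth.get(key)
            if seen is None or when - seen > window:
                reason = "no prior auth" if seen is None else "auth too old"
                findings.append({"time": ts, "user": user,
                                 "src_ip": src_ip, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_unauthenticated_sessions(SAMPLE_LOG):
        print(f"{f['time']} user={f['user']} src={f['src_ip']} -> {f['reason']}")
```

Hits are leads for the post-incident review rather than proof of compromise, since cached or cookie-based re-authentication can legitimately produce a connection without a fresh authentication record.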

Key technical details

The vulnerability CVE-2026-0257 is characterized as an authentication bypass impacting PAN-OS and Prisma Access platforms, specifically affecting the GlobalProtect VPN component. It allows an attacker to circumvent usual authentication checks and establish VPN sessions without valid credentials.

This flaw carries a CVSS base score of 7.8, reflecting its moderate severity and the potential for significant security impact. Details on the precise exploitation method have not been extensively disclosed, but the active exploitation reported suggests adversaries can leverage the vulnerability to gain network access.

Affected organizations/products

The vulnerability affects Palo Alto Networks' PAN-OS operating system and Prisma Access cloud service, particularly the GlobalProtect VPN feature. Organizations using these products for remote access potentially face exposure to unauthorized VPN connections if unpatched.

Source attribution

https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html

Written by Thirumala Rao Padilam