Authentication bypass vulnerability in GlobalProtect portal/gateway components of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections. Active exploitation confirmed with public PoC available.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-05-13
Added to CISA KEV: 2026-05-29 16 DAYS BETWEEN CVE AND KEV
Palo Alto Networks Security Advisory: CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues. ... Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied. Weakness Type and ... Palo Alto Networks Security Advisory: CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
Rapid7 MDR has observed active exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability CVE-2026-0257. ... Vulnerabilities and Exploits. Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257).Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-0257 using an authenticated check available since the May 15 content release. Known Indicators of Compromise. ... Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected ...
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues. ... CVE-2026-0257 - PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities.AI Analysis. Impact. Authentication bypass vulnerabilities in Palo Alto Networks GlobalProtect portal and gateway allow an attacker to bypass VPN authentication requirements and establish an unauthorized VPN connection, compromising confidentiality and accessibility of the protected network. The weakness is classified as CWE‑565 (Use of Insecure or Untrusted Control Flow).
Threat Intelligence Report CVE-2026-0257 is a medium severity authentication bypass vulnerability in PAN-OS and Prisma Access, allowing remote unauthenticated attackers to establish VPN connections via the GlobalProtect gateway under specific configurations. Rapid7 MDR confirmed exploitation of this vulnerability in the wild, with a publicly available proof-of-concept script developed to test ...