CVE-2026-0257

Confirmed PUBLISHED

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Palo Alto Networks · Cloud NGFW, PAN-OS, Prisma Access

3 days faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 86.7%

At a Glance

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

edge cisa nuclei_scanner nessus_scanner
CVE Published
May 13, 2026
Exploitation Reported
Jun 01, 2026
CVSS
7.8 High
EPSS
86.7%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Siemens
RUGGEDCOM APE1808

0 to < *

Affected
Palo Alto Networks
Cloud NGFW

All

Unaffected
Palo Alto Networks
PAN-OS

12.1.0 to < 12.1.7, 12.1.4-h6

Changed to unaffected at 12.1.7

Changed to unaffected at 12.1.4-h6

Affected
Palo Alto Networks
PAN-OS

11.2.0 to < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

Changed to unaffected at 11.2.12

Changed to unaffected at 11.2.10-h7

Changed to unaffected at 11.2.7-h14

Changed to unaffected at 11.2.4-h17

Affected
Palo Alto Networks
PAN-OS

11.1.0 to < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

Changed to unaffected at 11.1.15

Changed to unaffected at 11.1.13-h5

Changed to unaffected at 11.1.10-h25

Changed to unaffected at 11.1.7-h6

Changed to unaffected at 11.1.6-h32

Changed to unaffected at 11.1.4-h33

Affected
Palo Alto Networks
PAN-OS

10.2.0 to < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34

Changed to unaffected at 10.2.18-h6

Changed to unaffected at 10.2.16-h7

Changed to unaffected at 10.2.13-h21

Changed to unaffected at 10.2.10-h36

Changed to unaffected at 10.2.7-h34

Affected
Palo Alto Networks
Prisma Access

10.2.0 to < 10.2.10-h36

Changed to unaffected at 10.2.10-h36

Affected
Palo Alto Networks
Prisma Access

11.2.0 to < 11.2.7-h13

Changed to unaffected at 11.2.7-h13

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.