CVE-2026-0257

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Basic Information

CVE State
PUBLISHED
Reserved Date
November 03, 2025
Published Date
May 13, 2026
Last Updated
May 30, 2026
Vendor
Palo Alto Networks
Product
Cloud NGFW, PAN-OS, Prisma Access
Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
Tags
edge cisa

CVSS Scores

CVSS v4.0

7.8 - HIGH

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/AU:N/R:A/V:D/RE:M/U:Red

CVSS v3.1

9.1 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Score
41.50% (Percentile: 97.48%) as of 2026-05-31

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:28:27 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2026-06-01 10:28:20 UTC

Recent Mentions

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Source: BleepingComputer • Published: 2026-05-30 18:02:51 UTC

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Source: TheHackerNews • Published: 2026-05-30 06:41:26 UTC

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. "Authentication bypass vulnerabilities in the

CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: HIGH)

Source: Palo Alto Networks Security Advisories • Published: 2026-05-29 17:15:00 UTC

CISA Adds One Known Exploited Vulnerability to Catalog

Source: All CISA Advisories • Published: 2026-05-29 12:00:00 UTC

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel