CVE-2026-0257: Palo Alto Networks PAN-OS

What is CVE-2026-0257?

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CVSS9.1 NVD 3.1

SeverityCRITICAL

Exploitation In the wild In CISA KEV

EPSS59% · P98

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWECWE-565

NVD published2026-05-13

NVD last modified2026-05-29

CISA Known Exploited Vulnerability

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Added to KEV2026-05-29

Federal patch deadline2026-06-01

Known ransomware useUnknown

Affected product

Palo Alto Networks PAN-OS

NVD also lists CPE entries for: Paloaltonetworks Pan-Os, Paloaltonetworks Prisma Access

Remediation Steps

Apply the vendor security update for Paloaltonetworks Pan-Os as a priority.
Restrict network exposure of the affected service to trusted sources until patched.
Review logs and detections for indicators of exploitation.
Confirm fixed versions against the official vendor advisory before deploying.

References

Coverage on defend.network

Vulnerability Priority Report – Week 2 of June 2026 (June 8 – 14)
Vulnerability Priority Report – Week 1 of June 2026 (June 1 – 7)
PAN-OS GlobalProtect actively exploited; Russian infrastructure dismantled; Linux kernel flaw (2026-06-01)
Active exploits: Palo Alto GlobalProtect, CISA credential leak, Linux kernel RCE (2026-05-31)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.