PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Briefly

CVE-2026-0257 is a medium-severity authentication bypass with a CVSS score of 7.8 that affects PAN-OS and Prisma Access. The flaw is in the GlobalProtect portal and gateway components and can let attackers bypass security restrictions to establish unauthorized VPN connections. Firewalls are affected when a GlobalProtect portal or gateway is configured with authentication override cookies enabled and a specific certificate configuration is present. Palo Alto Networks reported limited exploit attempts on unpatched PAN-OS devices without mitigations, and Rapid7 found successful exploitation across numerous customers, with activity starting May 17, 2026 and a second wave on May 21 by the same threat actor. In the second wave, attackers obtained a VPN IP assignment after cookie authentication in two cases, granting access to internal networks, with no observed follow-on activity. Rapid7 urged urgent patching with the vendor-supplied fixes.
Palo Alto Networks said it has "become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied."
Read at The Hacker News