A new authentication bypass vulnerability (CVE-2026-0257, CVE-2026-0257) is being actively exploited in the wild. The target: PAN-OS, Prisma Access, VPN. This is not a theoretical risk โ attackers are already leveraging it.
This is not the first time a critical authentication bypass has been found in PAN-OS, Prisma Access, VPN. Similar vulnerabilities appeared in 2024 and 2025, and each time the response was emergency patching rather than architectural review. The pattern repeats because the incentives favor speed of deployment over depth of review.
The details matter. According to reporting from The Hacker News (Sat, 30 May 2026 12:11:26): Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case o
The uncomfortable truth is that CVE-2026-0257, CVE-2026-0257 sat in the codebase before anyone found it. The 'active exploitation' disclosure means attackers got there first. Patch Tuesday is a reactive ritual when the threat actors are already inside.
Analysis like this only matters if it drives action. Track active vulnerabilities, new techniques, and emerging threats at https://securitycyber.uk
More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber
Recommended resources to go deeper: https://www.hackthebox.com for hands-on practice, https://portswigger.net/web-security for free web security labs, and https://academy.tcm-sec.com for structured courses.
Originally published at https://securitycyber.uk
Top comments (0)