CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE ID

CVE-2026-0257

Vulnerability Name

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

• Project: Palo Alto Networks
• Product: PAN-OS

Date

• Date Added: 2026-05-29
• Due Date: 2026-06-01

Description

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257

Related Security News

• Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
• Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)
• Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
• PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List