DEV Community

Mark0

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

⚠️ Region Alert: UAE/Middle East

Unit 42 has identified active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect portals and gateways. This security flaw enables unauthorized attackers to bypass security controls and initiate VPN connections. The vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026, highlighting the immediate threat to organizations running unpatched versions.

While current observations show no post-access lateral movement, a small number of devices have successfully established VPN sessions. Security teams are urged to monitor GlobalProtect logs for specific Indicators of Compromise (IoCs), including suspicious IP addresses and hard-coded client configuration values found in public exploit code. Immediate patching or the application of vendor-provided workarounds is strongly recommended to secure network perimeters.

