DEV Community

Mark0

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

⚠️ Region Alert: UAE/Middle East

Palo Alto Networks Unit 42 has reported active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting the GlobalProtect portal and gateway components in PAN-OS software. This security flaw allows unauthorized attackers to circumvent security controls and initiate VPN connections. Due to its severity and observed active use by unidentified threat actors, CISA added this CVE to the Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026.

While lateral movement has not yet been identified, security teams have observed successful gateway-connected events from suspicious host IDs and specific IP addresses. Organizations are strongly advised to hunt for indicators of compromise (IoCs), such as hard-coded client configurations found in proof-of-concept code, and to upgrade to patched versions of PAN-OS immediately to mitigate the risk of unauthorized access.

