Palo Alto Warns Of Active Exploitation Of GlobalProtect Authentication Bypass Flaw
Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect.
The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtect portals and gateways. A high CVSS score of 7.8 was assigned for this vulnerability.
This issue was first disclosed by the company on 13 May, when it said it had seen limited exploitation attempts against unpatched devices.
The impacted environments involve PAN-OS and Prisma Access with specific GlobalProtect authentication override settings configured. Both Panorama and Cloud NGFW products are not impacted.
Security researchers have already confirmed that the attackers are exploiting the vulnerability. As per the details provided by Rapid7, the attacks involved the usage of fake authentication cookies to gain unauthorized access to the target’s VPNs. Evidence of exploitation dates back to at least 17 May.
The Palo Alto advisory was...
Copyright of this story solely belongs to informationsecuritybuzz.com. To see the full text click HERE
