Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PAN-OS / Prisma Access GlobalProtect authentication bypass (CVE-2026-0257, actively exploited)

Vulnerability
First reported
Last updated
Happening score
H score 45
1 unique sources, 1 articles

Summary

Hide ▲

PAN-OS and Prisma Access are affected by CVE-2026-0257, an authentication bypass in the GlobalProtect portal and gateway that can let attackers establish an unauthorized VPN connection. Palo Alto Networks said the flaw is under active exploitation in the wild, and Rapid7 reported successful exploitation against numerous customers starting May 17, 2026. The issue is especially risky for devices with authentication override cookies enabled and the relevant certificate configuration.

Related Happenings

Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)

Exploitation Wave
First: 25.12.2025 10:07 Last: 25.12.2025 10:07 Sources 1

About this happening: **CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...

Open Happening

Timeline

  1. 30.05.2026 09:41 2 articles · 3h ago

    Attackers begin exploiting CVE-2026-0257 against PAN-OS customers

    Exploitation Observed

    Rapid7 identified successful exploitation across numerous customers, with the earliest efforts dating back to May 17, 2026. The activity is assessed to be the work of the same threat actor and shows CVE-2026-0257 being used against affected PAN-OS environments to gain unauthorized VPN access.

    Show sources
    Open in new tab
  2. 30.05.2026 09:41 1 articles · 3h ago

    Second exploitation wave grants internal network access through VPN sessions

    Victim Impact Update

    A second exploitation wave on May 21, 2026 involved VPN IP assignment following cookie authentication in two cases, which granted the attacker access to the internal network. Rapid7 said no follow-on activity was observed in the customer environments where a VPN session was established.

    Show sources
    Open in new tab
  3. 13.05.2026 03:00 1 articles · 17d ago

    Palo Alto Networks discloses PAN-OS and Prisma Access authentication bypass

    Initial Disclosure

    Palo Alto Networks released an advisory on May 13, 2026 for CVE-2026-0257, an authentication bypass in the GlobalProtect portal and gateway of PAN-OS that can let an attacker bypass security restrictions and establish an unauthorized VPN connection. The issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists.

    Show sources
    Open in new tab