Palo Alto Unit 42 ·EN-US Vendor research Exploited in the wildPAN-OSGlobalProtect (portal and gateway)
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Palo Alto Networks Unit 42 has observed active exploitation of PAN-OS vulnerability CVE-2026-0257">CVE-2026-0257 by an unidentified threat actor attempting to access GlobalProtect. This security flaw involves an authentication bypass in the portal and gateway components of vulnerable versions of PAN-OS® software, which could allow unauthorized attackers to circumvent security controls and initiate VPN connections. This CVE was added to the Known Exploited Vulnerability (KEV) catalog on May 29.…