The Hacker News ·EN News source Exploited in the wildPAN-OS GlobalProtect (portal and gateway)
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
CVE Tools coverage
Palo Alto Networks says it has detected active exploitation of a PAN-OS flaw used to gain unauthorized access to GlobalProtect portals, with attack activity beginning May 17, 2026. The issue is tracked as CVE-2026-0257 (CVSS 7.8), an authentication bypass affecting GlobalProtect portal and gateway components that could let attackers establish VPN connections and evade security checks. The U.S. CISA added CVE-2026-0257 to its Known Exploited Vulnerabilities catalog, underscoring the need for urgent mitigation.