Bishop Fox ·EN-US Vendor research Patch releasedPAN-OSPanorama
Detecting CVE-2026-0265 at Scale: PAN-OS CAS Authentication Bypass
TL;DR
CVE-2026-0265">CVE-2026-0265 is a pre-authentication JSON Web Token (JWT) signature bypass in PAN-OS and Panorama, reachable only when Cloud Authentication Service (CAS) is attached to an authentication profile. Bishop Fox has published a CVE-2026-0265-check">detection script that returns a definitive vulnerable / not-vulnerable verdict per GlobalProtect portal from a single anonymous HTTP request. Patch to a fixed version (10.2.18+, 11.1.15+, 11.2.12+, 12.1.7+) or detach CAS from affected profiles as a workaround.…