vulnerability
Palo Alto Networks PAN-OS: CVE-2026-0257: PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | May 13, 2026 | May 18, 2026 | Jun 1, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
May 13, 2026
Added
May 18, 2026
Modified
Jun 1, 2026
Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.
Panorama and Cloud NGFW are not impacted by these issues.
Panorama and Cloud NGFW are not impacted by these issues.
Solution
palo-alto-networks-pan-os-upgrade-latest
References
- CWE-565
- CVE-2026-0257
- https://attackerkb.com/topics/CVE-2026-0257
- https://security.paloaltonetworks.com/CVE-2026-0257
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-30104
- https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.