Palo Alto VPN bug graduates from advisory to active exploitation
A security flaw in Palo Alto's GlobalProtect VPN has transitioned from advisory status to active exploitation. Attackers are exploiting an authentication bypass vulnerability, allowing unauthorized access to VPN sessions. Organizations are urged to patch their systems promptly to prevent potential breaches.
- ▪The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies.
- ▪Rapid7 observed successful exploitation attempts across multiple customer environments starting May 17.
- ▪The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, with a patch deadline of June 1.
Opening excerpt (first ~120 words) tap to expand
(function() { let windowUrl = window.location.href; windowUrl = windowUrl.substring(windowUrl.indexOf('?') + 1); let messageElement = document.querySelector('.shareableMessage'); if (windowUrl && windowUrl.includes('code') && windowUrl.includes('expires')) { messageElement.style.display = 'block'; } })(); Cyber-crime Palo Alto VPN bug graduates from advisory to active exploitation Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users Carly Page Carly Page Published mon 1 Jun 2026 // 13:15 UTC Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.The flaw, tracked as CVE-2026-0257,…
Excerpt limited to ~120 words for fair-use compliance. The full article is at www.theregister.com - Articles.
Discussion
0 commentsMore from www.theregister.com - Articles
