www.darkreading.com 6/1/2026, 3:21:26 PM · external

CVE-2026-0257 flaw lets hackers bypass Palo Alto VPN auth

CyberSIXT Evidence Panel

Primary Source

security.paloaltonetworks.com

CVE Intel

CVE-2026-0257 - NVD CISA KEV due 2026-06-01 7.8 HIGH

CISA KEV Listed in KEV

Patch Patch Available

A critical vulnerability (CVE-2026-0257) in Palo Alto Networks' PAN-OS GlobalProtect VPN allows attackers to bypass authentication and gain unauthorized access to VPNs. Disclosed in May 2026, the flaw has been actively exploited, prompting advisories from cybersecurity organizations, including the CISA. The issue arises from the misuse of authentication override cookies and specific certificate configurations.

Researchers recommend immediate patching of vulnerable devices and urge organizations to treat this vulnerability as critical due to its potential impact on network security.

View Primary Source Via www.darkreading.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#8 Jun 1, 2026, 02:35 PM Current article

www.darkreading.com
CVE-2026-0257 flaw lets hackers bypass Palo Alto VPN auth
#7 Jun 1, 2026, 10:00 AM

securityweek.com
Palo Alto PANOS flaw exploited days after patch release
#6 Jun 1, 2026, 08:36 AM

securityaffairs.com
CISA flags PAN-OS flaw CVE-2026-0257 as attackers bypass VPN auth
#5 Jun 1, 2026, 08:30 AM

infosecurity-magazine.com
Attackers Exploit CVE-2026-0257 in Palo Alto GlobalProtect VPN
#4 Jun 1, 2026, 01:00 AM

securityonline.info
Critical FreeBSD Kernel Buffer Overflow Disclosed: Public Details & PoC Out
#3 May 31, 2026, 05:52 PM

securityaffairs.com
CVE-2026-0257 flaw lets attackers hijack Palo Alto VPN logins
#2 May 30, 2026, 06:41 AM

thehackernews.com
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
#1 May 30, 2026, 01:34 AM

securityonline.info
Critical PANOS Flaw Lets Attackers Bypass Authentication