CVE-2026-0265 is an authentication bypass in Palo Alto Networks PAN-OS. Palo Alto Networks published a security advisory for it on 13 May 2026. The flaw allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface. It affects PAN-OS on PA-Series, VM-Series, and Panorama appliances; Cloud NGFW and Prisma Access are not affected.
Palo Alto Networks rates the flaw as high severity, with a CVSS score of 7.2, and notes that risk is greatest for unrestricted management interfaces with CAS, while other login portals carry lower risk. Harsh Jaiswal of HacktronAI has disputed the claims about the severity. As of 14 May, no public proof-of-concept exploit had been reported, but researchers indicate that the flaw is practically exploitable, and full technical details are due the week of 18 May.
Patches for many versions were published on 13 May, and additional fixes have an ETA of 28 May. Organisations should upgrade affected PA-Series, VM-Series, and Panorama installations that have CAS enabled.