CISA KEV Alert 5/29/2026, 7:50:51 PM

CISA Flags Palo Alto PAN-OS Auth Bypass After Active Exploitation

CyberSIXT Evidence Panel
Source: marked as original reporting
Primary source: cisa.gov
CISA KEV: listed in KEV
Patch status: unknown

CISA has added CVE‑2026‑0257 to its Known Exploited Vulnerabilities catalogue. The entry concerns Palo Alto Networks’ PAN‑OS software. The vulnerability, named “Palo Alto Networks PAN‑OS Authentication Bypass Vulnerability,” allows attackers to bypass authentication and establish an unsanctioned VPN connection.

The flaw is an authentication bypass in PAN‑OS that can be exploited over the network to circumvent security controls and create unauthenticated VPN sessions. It carries a CVSS v3.1 score of 7.8, rated HIGH. No patch or advisory is currently available from the vendor, and the patch status is listed as unknown.

Inclusion in the KEV catalogue means active exploitation in the wild has been confirmed. There is no publicly known use of this vulnerability in ransomware campaigns. CISA has set a remediation deadline of 2026‑06‑01 for affected federal agencies.

CISA’s required action is to “Apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” This directive binds Federal Civilian Executive Branch (FCEB) agencies; all other organisations should likewise review their exposure to PAN‑OS and consider applying any available mitigations.

For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-0257 and the CISA KEV catalogue.


Article by CyberSIXT
