The article discusses CVE-2026-0257, a vulnerability in Palo Alto Networks' GlobalProtect VPN that allows attackers to forge authentication cookies and bypass login, confirmed to be exploited since May 17, 2026. Rapid7 reported that the flaw affects multiple customers, enabling unauthorized VPN access without credentials under specific misconfigurations. Attacks were observed in waves from different infrastructure providers, with indicators suggesting a single threat actor.
Rapid7 assessed the flaw's severity as high, highlighting the urgent need for affected organizations to upgrade their PAN-OS or modify their configurations to prevent exploitation.