PALO Alto Networks' Unit 42 has reported active exploitation of a vulnerability in PAN-OS (CVE-2026-0257) by an unidentified actor targeting GlobalProtect. This vulnerability allows attackers to bypass authentication controls and establish unauthorized VPN connections. It was cataloged as a known exploited vulnerability on May 29, 2026. Organizations are advised to monitor for specific indicators in GlobalProtect logs, implement incident response protocols, and review security advisories related to this CVE.
Currently, no evidence of post-exploitation behavior has been detected. Suggested tracking includes monitoring specific IP addresses and suspicious device names. The threat brief offers guidance on product protections and additional resources for mitigation.