Palo Alto Networks has alerted customers to a high-severity authentication bypass vulnerability (CVE-2026-0257) affecting the GlobalProtect portal and gateway in its PAN-OS software. Despite a patch released on May 13, attackers are actively exploiting this flaw, which allows unauthorized VPN access. The vulnerability's CVSS score is now 7.8, raised from a medium-severity rating after exploit attempts were detected.
Rapid7 classified the situation as critical, indicating two waves of exploitation since mid-May. Organizations are advised to apply patches immediately or implement mitigations, such as disabling authentication overrides or regenerating secure certificates. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog, giving federal agencies a patch deadline of June 1.