
Palo Alto VPN Authentication Bypass CVE-2026-0257 Exploited in the Wild — Patch Now

CVE-2026-0257 is an authentication bypass in Palo Alto Networks' GlobalProtect VPN (PAN-OS) that lets attackers forge cookies and connect to internal networks without valid credentials. Already exploited in the wild; CISA added it to KEV with a June 1 deadline. Affected: PAN-OS 10.2 / 11.1 / 11.2 / 12.1. Full affected-and-fixed version table and indicators of compromise inside.


Makoto Horikawa

Backend Engineer / AWS / Django

2026.05.30 · 9 min read

Palo Alto Networks' GlobalProtect VPN, widely used to let employees reach corporate networks from home or on the road, has a vulnerability that allows an attacker with no valid ID or password to connect into the internal network anyway. It is tracked as CVE-2026-0257. It is already being used in real-world attacks, and on May 29, 2026 the U.S. cybersecurity agency CISA added it to its Known Exploited Vulnerabilities (KEV) catalog, ordering federal agencies to remediate by June 1.

The flaw lives in the operating system that powers these VPN features: PAN-OS. PAN-OS runs Palo Alto Networks firewalls — the gatekeeping appliances that sort traffic between inside and outside — and GlobalProtect is the gateway on top of it that accepts secure connections from outside. CVE-2026-0257 is an authentication bypass: it lets an attacker skip identity verification at that gateway and establish an unauthorized VPN connection.

The severity rating is split between scoring bodies. Palo Alto Networks itself rates it 7.8 (High) on the newer CVSS 4.0 scale, while the U.S. National Institute of Standards and Technology (NIST) rates it 9.1 (Critical) on the older CVSS 3.1 scale. The number matters less than one fact: attacks are already happening. Security firm Rapid7 reports observing exploitation of this flaw across multiple customer environments since mid-May.

Item | Detail
CVE ID | CVE-2026-0257
Affected product | PAN-OS (GlobalProtect portal / gateway)
Vulnerability type | Authentication bypass (CWE-565: reliance on cookies without integrity checking)
Severity | 7.8 (vendor CVSS 4.0, High) / 9.1 (NIST CVSS 3.1, Critical)
Exploitation | Observed in the wild (listed in CISA KEV)
U.S. remediation deadline | June 1, 2026
Not affected | Panorama, Cloud NGFW

A Forged Badge Walks Into Your Network — and What Walks Back Out

Hearing "someone makes an unauthorized VPN connection" makes it hard to picture which part of your own company is at risk, so let's first sketch what an attacker is actually after when they reach for this hole. A VPN is the entrance that lets employees outside the building pass into the internal network. Being able to walk through it while impersonating a legitimate employee means the attacker can stand inside the company's building without anyone's permission.

The people who truly want this entrance are not thrill-seeking pranksters. They are initial access brokers who resell the foothold to other crews, ransomware operators who buy that foothold to encrypt files and demand a ransom, industrial spies who leak blueprints and quotes to a competitor, state-aligned groups from China, Russia, or North Korea acting on government orders, and resellers who hawk stolen employee accounts on underground markets. Once inside the VPN, what they hunt for is the customer lists and contracts on the file server, the salaries and national ID numbers in the HR database, the wire-transfer screen of the finance system, the Active Directory that holds every employee's password, and an admin account they can use for the next break-in. The moment a forged connection cookie clears the gate, the attacker drops from outside the company straight into the middle of the internal LAN and starts reaching for every one of those things, one after another.

VPN appliances and firewalls are the "trusted point" on the boundary between inside and outside. That is exactly why they are so valuable to attackers: punch through that single layer and lateral movement across the inside, and the work of planting a long-term foothold that no one notices, both get dramatically easier. Palo Alto's GlobalProtect has been here before — in 2024 the unauthenticated remote code execution flaw CVE-2024-3400 was abused by state-aligned actors, proving this product's entrance is a first-class target that attackers come back to again and again. This authentication bypass simply cuts one more keyhole into that same well-watched door.

The 7.8 from the vendor and the 9.1 from NIST are just markings on a technical severity ruler. What a company actually stands to lose is this: the VPN installed to enable remote work turns, wholesale, into an outside crew's "service entrance with a copied key," and through leaked customer data, encrypted core systems, and knock-on damage to business partners, the business itself can grind to a halt. The very device that made remote work convenient flips into the shortest path in — that is the real weight of this vulnerability.

What Are PAN-OS and GlobalProtect?

Palo Alto Networks is a U.S. company and the world's largest maker of enterprise network security gear. Its flagship product is the "next-generation firewall," a gatekeeper appliance placed between inside and outside that sorts traffic and blocks dangerous connections. The operating system that runs this appliance is PAN-OS.

Running on top of it, GlobalProtect is the VPN feature that lets off-site employees connect securely into the corporate network. It supports access from home or while traveling: employees install a dedicated app on their PC or phone and, after identity verification, enter the company network. With remote work spreading since the pandemic, many companies, government bodies, and universities worldwide have deployed this kind of VPN, and Palo Alto's GlobalProtect is one of the leading options.

The identity-verification side has two roles: the "portal" that first accepts access, and the "gateway" that actually establishes the VPN tunnel. This vulnerability affects both. By contrast, Panorama, which centrally manages multiple firewalls, and the cloud-delivered Cloud NGFW are not affected. What is at risk is any environment that runs PAN-OS as a physical (or virtual) appliance and has GlobalProtect enabled.

What Happens: A Forged Cookie Passes as the Real Thing

The heart of this vulnerability is a weakness in GlobalProtect's "authentication override cookie" mechanism. The idea is convenience: once a user logs in, they are issued a cookie (a small token of credential data handed to the browser), and on subsequent visits they can present that cookie to skip logging in again. It exists to save employees effort — but there was a trap in it.

According to Rapid7's technical analysis, if the certificate GlobalProtect uses to encrypt and decrypt these cookies is shared with another feature such as the HTTPS service, an attacker can obtain that certificate's public key from outside. With the public key in hand, the attacker can forge arbitrary authentication override cookies, and when those forged cookies are sent to the server, the server decrypts them correctly, trusts them as genuine, and lets the attacker through identity verification.

The vulnerability database NVD classifies this flaw as CWE-565 (reliance on cookies without validation and integrity checking), pointing precisely at the fact that the server trusted the cookie without sufficiently verifying whether its contents had been tampered with or whether it had truly issued the cookie. The prerequisites for attack are extremely low — network-based, no authentication, no special privileges, no user interaction — and Palo Alto Networks itself rates the attack complexity as low.

Conditions for exposure (all must apply)

  • A GlobalProtect portal or gateway is configured
  • "Generate cookie for authentication override" or "Accept cookie for authentication override" is enabled
  • The certificate used to encrypt the cookie is shared with another feature

Conversely, environments that do not use the authentication override cookie feature, or that use a dedicated certificate for cookies, are not exposed via this path. Still, configurations that use authentication override cookies for SAML authentication or clientless VPN are common, so do not assume "we're fine" — strongly consider running the configuration check described below.

Affected Versions and Fixes

According to Palo Alto Networks' official advisory, the affected and fixed versions break down by PAN-OS branch as follows. Check your version and update to the fixed release (or later) in the same branch.

PAN-OS branch | First fixed version (update to this or later) | Priority
12.1 | 12.1.4-h6 / 12.1.7 | Highest
11.2 | 11.2.4-h17 / 11.2.7-h14 / 11.2.10-h7 / 11.2.12 | Highest
11.1 | 11.1.4-h33 / 11.1.6-h32 / 11.1.7-h6 / 11.1.10-h25 / 11.1.13-h5 / 11.1.15 | Highest
10.2 | 10.2.7-h34 / 10.2.10-h36 / 10.2.13-h21 / 10.2.16-h7 / 10.2.18-h6 | Highest
Prisma Access | 10.2.x: 10.2.10-h36; 11.2.x: 11.2.7-h13 | High
Panorama / Cloud NGFW | Not affected (no update needed) | n/a

Multiple fixed versions appear within a single branch because each branch is further split into maintenance sub-branches. Pick the fixed version that matches the sub-branch you run (or any newer version). For exact version checks and the corresponding fixes, the list in the official advisory is authoritative. Note that the cloud-delivered Cloud NGFW and the management product Panorama are reported as not affected.

Attacks Are Already Happening: Rapid7's Observations

That this is not a theoretical risk is shown by observations from Rapid7's managed detection and response (MDR) service. Rapid7 detected the first attack on May 17–18, 2026, confirming suspicious cookie authentication to the local admin account across multiple customer environments. Analysis of tech support files showed the Cloud Authentication Service (CAS) was disabled and authentication override cookies were enabled — exactly the vulnerable configuration. Rapid7 Labs confirmed a successful proof-of-concept (PoC), corroborating that this was exploitation of CVE-2026-0257.

A second wave followed on May 21. In this wave, following successful cookie authentication, a VPN IP address was assigned to the attacker, granting access to the internal network. However, only a subset of environments reached this stage; in 8 of the 10 impacted customers, the forged cookie was accepted but a full VPN session was not established. Even so, the fact that the authentication barrier had been breached remains. Because the MAC address used in both waves was the same, Rapid7 believes they are the work of the same actor.

The post is from Stephen Fewer, a principal security researcher at Rapid7. As sources of the attacks, Rapid7 cites IP addresses at the hosting provider Vultr (104.207.144.154) and Dromatics Systems (146.19.216.119/120/125). In the verification work below, it is worth checking your logs for access or login traces from these IPs.

From Disclosure to Exploitation to the U.S. Order

[Timeline figure, not reproduced here: disclosure (May 13) → first observed exploitation (May 17–18) → second wave (May 21) → CISA KEV listing (May 29) → U.S. federal remediation deadline (June 1, 2026)]

Clues to Check Whether You Were Already Hit

Using the indicators of compromise (IoCs — clues for spotting traces of an attack) that Rapid7 published, you can do a basic check for whether you have already been targeted. Look in your GlobalProtect logs and VPN connection records for traces like the following.

Type | Value | Note
Source IP | 104.207.144.154 | Hosting provider Vultr
Source IP | 146.19.216.119 / 120 / 125 | Dromatics Systems (2nd wave)
Spoofed MAC | aa:bb:cc:dd:ee:ff | Common to both waves
Spoofed hostname | GP-CLIENT / DESKTOP-GP01 | Posing as Linux / Windows

Pay particular attention to successful VPN authentication against the local admin account and to GlobalProtect connections from unfamiliar hostnames or MAC addresses. If these appear in your past logs, you may already be compromised, so alongside patching you need to move to your incident response procedures. Keep in mind the IPs and MAC above are only examples; attacks could well come from other sources.
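As an added example (not from this article, Rapid7 or Palo Alto Networks), here is a small Python triage script that runs the indicators listed above, plus the "successful cookie authentication to the local admin account" pattern Rapid7 described, over GlobalProtect-style connection records. The CSV column layout, the `auth-cookie` method label and the `admin` user name are assumptions made for the example, and the records are constructed rather than real PAN-OS log output.

```python
import csv
import io
from dataclasses import dataclass

# Indicators as quoted in the article (Rapid7's published IoCs).
IOC_SOURCE_IPS = {"104.207.144.154", "146.19.216.119", "146.19.216.120", "146.19.216.125"}
IOC_MACS = {"aa:bb:cc:dd:ee:ff"}
IOC_HOSTNAMES = {"GP-CLIENT", "DESKTOP-GP01"}
LOCAL_ADMIN = "admin"  # assumed name of the local admin account

# Constructed sample records in an assumed simplified layout (not PAN-OS's real export format):
# time, stage, status, user, src_ip, client_hostname, client_mac, auth_method
SAMPLE_LOG = """\
2026-05-18T02:11:09Z,portal-auth,success,admin,104.207.144.154,GP-CLIENT,aa:bb:cc:dd:ee:ff,auth-cookie
2026-05-18T08:30:41Z,gateway-auth,success,alice,198.51.100.23,ALICE-LAPTOP,3c:22:fb:10:aa:01,saml
2026-05-21T11:05:17Z,gateway-auth,success,admin,146.19.216.120,DESKTOP-GP01,aa:bb:cc:dd:ee:ff,auth-cookie
2026-05-21T11:05:20Z,gateway-tunnel,success,admin,146.19.216.120,DESKTOP-GP01,aa:bb:cc:dd:ee:ff,auth-cookie
2026-05-22T09:12:00Z,portal-auth,failure,bob,203.0.113.9,BOB-PC,5e:11:aa:02:bb:77,ldap
"""

@dataclass
class Finding:
    line: int       # 1-based record number in the input
    reasons: list   # human-readable reasons the record was flagged

def triage(log_text: str) -> list:
    """Flag records that match a published IoC or the behavioral pattern
    (successful cookie-based authentication to the local admin account)."""
    findings = []
    for n, row in enumerate(csv.reader(io.StringIO(log_text)), 1):
        _time, stage, status, user, src_ip, hostname, mac, method = row
        reasons = []
        if src_ip in IOC_SOURCE_IPS:
            reasons.append(f"source IP {src_ip} is in the published IoC list")
        if mac.lower() in IOC_MACS:
            reasons.append(f"client MAC {mac} matches the spoofed MAC")
        if hostname.upper() in IOC_HOSTNAMES:
            reasons.append(f"client hostname {hostname} matches a spoofed hostname")
        if status == "success" and user == LOCAL_ADMIN and method == "auth-cookie":
            reasons.append("successful cookie auth to the local admin account")
        if stage == "gateway-tunnel" and status == "success" and reasons:
            reasons.append("VPN tunnel established: assume the internal network was reached")
        if reasons:
            findings.append(Finding(n, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"record {f.line}: " + "; ".join(f.reasons))
```

Treat any hit as a trigger for incident response rather than a verdict, and remember that the listed IPs and MAC are only the sources seen so far.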

What to Do Right Now

1. Update PAN-OS to a fixed version. Upgrade to the fixed version (see the table above) or later for the PAN-OS branch you run. With attacks already observed and the U.S. government setting a June 1 deadline, this is both the top priority and the permanent fix. Follow the official advisory for version checks and mappings.

2. If you can't update immediately, apply a mitigation. Palo Alto Networks offers two interim workarounds. One is to issue a dedicated certificate for authentication override cookies and not share it with other features. The other is to disable the authentication override feature entirely (uncheck "generate cookie" and "accept cookie" in the GlobalProtect configuration). Simply cutting the certificate reuse breaks the precondition for cookie forgery.

3. Review past logs. Check GlobalProtect logs and VPN connection records going back at least to May 13 (the disclosure date), ideally to mid-May. Look for the IoCs above, suspicious local-admin logins, and unfamiliar hostnames or MAC addresses. If you find traces, respond on the assumption of compromise.

4. Reassess what is exposed. Because the GlobalProtect portal/gateway is exposed to the internet by design, you can't reduce the attack surface to zero, but restricting the management interface (web UI) to internal or specific IPs and trimming unnecessary public settings are sound basics that help here and beyond.

5. Rotate credentials. If compromise cannot be ruled out, reissue passwords for accounts tied to the VPN and the GlobalProtect local admin credentials. If an attacker was already inside, patching alone won't evict them.

What KEV Listing Means, and the Hub Article

CISA's Known Exploited Vulnerabilities (KEV) catalog lists only vulnerabilities CISA has confirmed are actively used in attacks. Being on it means a present, ongoing threat rather than a theoretical risk, and it creates a legal remediation obligation for U.S. federal agencies. CVE-2026-0257 was added on May 29, 2026, with a June 1 deadline. There is no legal force for companies in Japan, but "attacks are happening and the U.S. government set a deadline of just a few days" is reason enough for any IT team to move quickly.

On this site, we continuously update the list of CISA-confirmed actively-exploited CVEs and their deadlines on our CISA KEV dashboard (Japanese). This Palo Alto Networks PAN-OS case fits the same classic "boundary-device authentication bypass" pattern as previously KEV-listed VPN and firewall gear (Citrix, Ivanti, Cisco, Fortinet). When one appliance on the boundary is broken, the whole internal network is exposed — a structure these products share.

Palo Alto's GlobalProtect was also abused by state-aligned actors in 2024 via CVE-2024-3400, and it remains a target attackers come back to. VPNs and firewalls are not "install it and you're safe" devices; the practical lesson from this case is to run them on the premise that, as long as they are exposed, they must be kept updated as a top priority.
