Top Highlights
- Palo Alto Networks’ CVE-2026-0257 vulnerability allows attackers to bypass authentication and establish unauthorized VPN connections, especially when specific certificate and cookie configurations are present.
- Exploitation campaigns targeting this flaw have been active since May 17, 2026, with attackers gaining internal network access via VPN IP assignment after successful cookie authentication.
- Rapid7 reports that compromised systems are vulnerable until patched, emphasizing the urgent need to update affected devices or implement workarounds like disabling authentication override or using new certificates.
Threat, Attack Techniques, and Targets
Palo Alto Networks warns about a security flaw tracked as CVE-2026-0257, which has a severity score of 7.8 out of 10. The flaw affects PAN-OS and Prisma Access software. Attackers can exploit it to bypass authentication checks and then set up VPN connections without permission. The vulnerability arises when the GlobalProtect portal or gateway is configured with authentication override cookies and a certain certificate setup. The flaw is being actively exploited in the wild: cybercriminals started exploiting it as early as May 17, 2026, targeting networks that use affected Palo Alto firewalls that have not been patched. These attacks allow the attacker to access internal networks.
Impact, Security Implications, and Remediation Guidance
The main impact of this flaw is that attackers can bypass security controls and connect to a network’s VPN. This can lead to unauthorized access and potential control over the internal network, so organizations face serious security risks if they do not fix the problem. For now, Palo Alto recommends two temporary measures: disabling the authentication override feature or creating a new certificate for it. The best course of action is to update the affected devices with a patch from the vendor. Since specific remediation details are not provided in the source, organizations should contact Palo Alto Networks or their security authority for further guidance.
