HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Threatens VPN Security

Palo Alto Networks reports that CVE‑2026‑0257, an authentication bypass in PAN‑OS and Prisma Access, is being actively exploited. Threat actors can establish rogue GlobalProtect VPN connections, exposing corporate networks and third‑party data pipelines. TPRM teams should treat any vendor using GlobalProtect as a high‑risk vector.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 thehackernews.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
thehackernews.com

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Enables Unauthorized VPN Access Under Active Exploitation

What It Is – Palo Alto Networks disclosed a medium‑severity authentication bypass flaw in PAN‑OS and Prisma Access (CVE‑2026‑0257). The bug allows an unauthenticated remote user to establish a GlobalProtect VPN tunnel and gain network access as a legitimate client.

Exploitability – Threat intel confirms the vulnerability is being actively exploited in the wild. Public PoCs have surfaced, and the CVSS v3.1 base score is 7.8 (High).

Affected Products – PAN‑OS 10.2.x‑10.3.x, GlobalProtect client, and Prisma Access cloud‑delivered firewall services.

TPRM Impact – Third‑party risk teams must treat any organization that relies on Palo Alto GlobalProtect as a potential attack surface. A compromised VPN can be leveraged to pivot into downstream SaaS, on‑premise systems, or data warehouses, amplifying supply‑chain exposure.

Recommended Actions

  • Verify you are running a patched PAN‑OS version (10.2.12, 10.3.9, or later) and apply the vendor‑released hotfix immediately.
  • Enforce MFA for GlobalProtect authentication and disable any legacy authentication methods.
  • Review VPN logs for anomalous tunnel creations, especially from unexpected source IPs or geographic regions.
  • Conduct a rapid risk assessment of any third‑party services accessed via the VPN to identify lateral movement pathways.
  • Update your TPRM inventory to flag Palo Alto Networks as a critical security control and monitor for future advisories.

Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →