Palo Alto Networks Warns of GlobalProtect Authentication Bypass Flaw
Recent reports from Palo Alto Networks have highlighted a critical security flaw in its PAN-OS GlobalProtect system. The flaw, identified as CVE-2026-0257, is being actively exploited by hackers to infiltrate corporate networks.
Palo Alto Networks addressed the CVE-2026-0257 vulnerability earlier this month, emphasizing its potential to create unauthorized VPN connections on affected devices.
The company’s advisory states, “GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.”
The flaw was initially rated Medium severity because it requires a specific device configuration with authentication override cookies enabled. However, Palo Alto Networks recently upgraded the severity rating to High as unpatched devices are now under active attack.
An update from Palo Alto Networks revealed, “Limited exploit attempts on unpatched PAN-OS devices without mitigations applied have been detected.”
Rapid7, a cybersecurity firm, also confirmed the exploitation of the vulnerability against multiple customers starting on May 17.
According to Rapid7, hackers exploited the flaw by authenticating to GlobalProtect gateways using forged authentication override cookies targeting the local administrator account.
Incidents of successful exploitation were observed on May 18 and May 21, with attackers gaining access to internal networks in some cases. Despite the acceptance of forged cookies by the appliance, many attempts failed to establish a full VPN session.
Rapid7’s investigation found that GlobalProtect authentication override cookies are central to the flaw, which stems from PAN-OS’s validation process.
Organizations utilizing GlobalProtect VPN devices are strongly advised to apply the latest security updates to address the vulnerability. Alternatively, admins can mitigate the risk by disabling the authentication override feature or using a separate certificate for this purpose.
CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement mitigations by June 1, 2026.