The Bottom Line: CVE-2026-0257 is being actively exploited to compromise GlobalProtect VPN portals and gain unauthorized network access.
Palo Alto Networks has registered active attacks on the PAN-OS vulnerability CVE-2026-0257, which allows unauthorized parties to access GlobalProtect portals. The authentication bypass affects portal and gateway components and is already being exploited in the wild.
Palo Alto Networks is currently registering active exploitation of the PAN-OS vulnerability CVE-2026-0257 by previously unidentified threat actors. The vulnerability enables an authentication bypass in the portal and gateway components of PAN-OS and is being abused for unauthorized access to GlobalProtect portals. The vulnerability has a CVSS score of 7.8.
For security professionals, active exploitation presents an immediate risk, as GlobalProtect portals frequently serve as an entry point to corporate infrastructure. A successful attack enables unauthorized parties to gain access to network resources without valid credentials.
CISOs should immediately verify whether PAN-OS deployments are in use and deploy available security updates. Additionally, it is recommended to analyze access logs on GlobalProtect portals to identify potential compromises.
Source: thehackernews.com · Published 15 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.