Detections
Analytics

CVE-2026-0257

high

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

References

https://security.paloaltonetworks.com/CVE-2026-0257

https://www.theregister.com/cyber-crime/2026/06/01/palo-alto-vpn-bug-graduates-from-advisory-to-active-exploitation/5249114

https://www.securityweek.com/recent-palo-alto-networks-vulnerability-exploited-for-weeks/

https://www.infosecurity-magazine.com/news/palo-alto-highseverity-bug/

https://www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass-bug-exploit

https://securityaffairs.com/192951/security/u-s-cisa-adds-palo-alto-networks-pan-os-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/

https://securityaffairs.com/192933/security/cve-2026-0257-rapid7-caught-attackers-abusing-forged-vpn-cookies-against-multiple-customers.html

https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/

https://www.cisa.gov/news-events/alerts/2026/05/29/cisa-adds-one-known-exploited-vulnerability-catalog

https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257

Details

Source: Mitre, NVD

Published: 2026-05-13

Updated: 2026-06-01

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

CVSS v4

Base Score: 7.8

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

Severity: High

EPSS

EPSS: 0.46453

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest