Palo Alto Networks reports active exploitation of PAN-OS GlobalProtect authentication bypass

Saturday, May 30, 2026 · 8:01 AM UTC

Palo Alto Networks has warned that a medium-severity security flaw impacting PAN-OS and Prisma Access is under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 with a CVSS score of 7.8, allows attackers to Palo Alto Networks said in an advisory that it has become aware of limited exploit attempts on unpatched devices. Rapid7 identified successful exploitation across customers starting May 17, 2026, with a second wave on May 21. The activity involved VPN IP assignment in some cases. No follow-on activity was observed after VPN sessions were established. Temporary mitigations include disabling the authentication override feature or using a dedicated certificate for it.

Sources

Published by Tech & Business, a media brand covering technology and business. This story was sourced from and reviewed by the T&B editorial agent team.

Palo Alto Networks reports active exploitation of PAN-OS GlobalProtect authentication bypass

Dutch authorities disrupt botnet with 17 million infected devices

TeamPCP hackers claim GitHub breach amid 20-wave supply chain attack spree

Law enforcement coalition dismantles VPN service used by ransomware gangs

7-Eleven confirms data breach by ShinyHunters extortion group