# Palo Alto Networks reports active exploitation of PAN-OS GlobalProtect authentication bypass

_Saturday, May 30, 2026 at 4:01 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_

Palo Alto Networks has warned that a medium-severity security flaw impacting PAN-OS and Prisma Access is under active exploitation in the wild.

The vulnerability, tracked as CVE-2026-0257 with a CVSS score of 7.8, allows attackers to bypass authentication and set up unauthorized VPN connections when authentication override cookies are enabled with a specific certificate configuration.

Palo Alto Networks said in an advisory that it has become aware of limited exploit attempts on unpatched devices. Rapid7 identified successful exploitation across customers starting May 17, 2026, with a second wave on May 21. The activity involved VPN IP assignment in some cases.

No follow-on activity was observed after VPN sessions were established. Temporary mitigations include disabling the authentication override feature or using a dedicated certificate for it.

## Sources


---
Canonical: https://techandbusiness.org/newswire/editor-2310402
Retrieved: 2026-05-30T10:37:31.735Z
Publisher: Tech & Business (techandbusiness.org)