Patch Now: Palo Alto GlobalProtect Auth Bypass Flaw Actively Exploited

Alert: CVE-2026-0257 flaw in PAN-OS VPN exploited. Patch now to prevent unauthorized access and protect your network.

By Content Team

Jun 2, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A security flaw in Palo Alto Networks' PAN-OS GlobalProtect VPN, tracked as CVE-2026-0257, is being actively exploited — and organizations running unpatched systems are at real risk. Attackers are forging authentication cookies to impersonate legitimate users and gain VPN access without valid credentials.

Palo Alto patched the flaw in May, but Rapid7 confirmed successful exploitation across multiple customer environments as early as May 17. CISA added it to its Known Exploited Vulnerabilities catalog on May 29. Despite a "medium" CVSS score of 7.8, researchers stress it should be treated as critical — an unauthenticated admin VPN session into your internal network is serious. Patch immediately.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Python Repositories Hit by Sophisticated Malware Campaign Using Stolen VS Code Credentials

Mar 17, 2026

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Mar 23, 2026

Over 5,500 GitHub Repositories Hit by 'Megalodon' Supply Chain Attack

May 25, 2026

Adobe Reader Zero-Day Exploit Actively Stealing User Data

Apr 9, 2026