A security flaw in Palo Alto Networks' PAN-OS GlobalProtect VPN, tracked as CVE-2026-0257, is being actively exploited — and organizations running unpatched systems are at real risk. Attackers are forging authentication cookies to impersonate legitimate users and gain VPN access without valid credentials.
Palo Alto patched the flaw in May, but Rapid7 confirmed successful exploitation across multiple customer environments as early as May 17. CISA added it to its Known Exploited Vulnerabilities catalog on May 29. Despite a "medium" CVSS score of 7.8, researchers stress it should be treated as critical — an unauthenticated admin VPN session into your internal network is serious. Patch immediately.
Source: Dark Reading