CVE-2026-0257

May 14, 2026, 4:21 p.m.

4.7
Medium

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Product(s) Impacted

Vendor Product Versions
Palo Alto Networks
  • Pan-os
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-565
Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a palo_alto_networks pan-os / / / / / / / /

References

https://security.paloaltonetworks.com/CVE-2026-0257

Tags

[email protected]
CWE-565
2026-05-13
CVE-2026-0257

CVSS Score

4.7 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Exploit Maturity: UNREPORTED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber

    View Vector String

Timeline

Published: May 13, 2026, 7:17 p.m.
Last Modified: May 14, 2026, 4:21 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

Linked Attack Reports

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

An unidentified threat actor is actively exploiting CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portal and gateway components. The flaw allows unauthorized attackers to circumvent security controls and initiate VPN connections. The vulnerability was added to CISA's…
globalprotect
authentication bypass
pan-os
CVE-2026-0257
2026-06-05
gateway compromise
Published: June 5, 2026
Linked vulnerabilities : CVE-2026-0257 (CVSS 4.7)
Downloadable IOCs: 9

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.