CVE-2026-0257

UNKNOWN 0.0

⚠️ CISA KEV

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

CVSS Score

0.0

EPSS Score

52.8%

EPSS Percentile

98th

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CWE	CWE-565
Vendor	palo alto networks
Product	cloud ngfw
Published	May 13, 2026
Last Updated	Jun 9, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for palo alto networks cloud ngfw

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-0257.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Cloud NGFW

All versions affected

Palo Alto Networks / PAN-OS

12.1.0 < 12.1.7, 12.1.4-h6 11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34

Palo Alto Networks / Prisma Access

10.2.0 < 10.2.10-h36 11.2.0 < 11.2.7-h13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0257 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257 cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-967325.html

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.