Palo Alto Networks Reports Active Exploitation of PAN-OS GlobalProtect Authentication Bypass
CVE-2026-0257, a critical authentication bypass in PAN-OS GlobalProtect portal and gateway components, is being actively exploited in limited attacks to establish unauthorized VPN connections.
Attack Brief
Target: Palo Alto Networks PAN-OS GlobalProtect
Vector: Authentication bypass vulnerability in portal and gateway components
Attribution: unattributed
Technical Details
CVE IDs: CVE-2026-0257
MITRE ATT&CK: T1133
Affected: PAN-OS GlobalProtect portal and gateway components
Impact
Confirmed Damage: Limited exploitation observed; only a small portion of probed devices established VPN sessions; no post-access behavior or lateral movement identified as of the report date
Mitigation
Detection: Search GlobalProtect logs for successful gateway-connected events matching the PoC exploit configuration: endpoint_os_version 'Microsoft Windows 10 Pro 64-bit' and empty source_user_info.domain
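The detection search above, written out as an added example (not code from Palo Alto Networks or the source report). It assumes the GlobalProtect logs were exported as JSON lines; the field names event_id, status, time and public_ip are assumptions, while endpoint_os_version and source_user_info.domain come from the brief. A missing or null domain is treated as empty.

```python
import json

POC_OS_VERSION = "Microsoft Windows 10 Pro 64-bit"  # value given in the brief

# Constructed sample export, one JSON record per line. Field names other than
# endpoint_os_version and source_user_info.domain are assumed for illustration.
SAMPLE_LOGS = """\
{"time":"2026-06-01T02:14:07Z","event_id":"gateway-connected","status":"success","endpoint_os_version":"Microsoft Windows 10 Pro 64-bit","source_user_info":{"name":"jdoe","domain":""},"public_ip":"192.0.2.10"}
{"time":"2026-06-01T02:15:41Z","event_id":"gateway-connected","status":"success","endpoint_os_version":"Microsoft Windows 10 Pro 64-bit","source_user_info":{"name":"asmith","domain":"CORP"},"public_ip":"198.51.100.7"}
{"time":"2026-06-01T02:16:03Z","event_id":"gateway-connected","status":"success","endpoint_os_version":"Microsoft Windows 10 Pro 64-bit","source_user_info":{"name":"svc"},"public_ip":"203.0.113.25"}
{"time":"2026-06-01T02:17:19Z","event_id":"gateway-connected","status":"success","endpoint_os_version":"Microsoft Windows 11 Pro 64-bit","source_user_info":{"name":"bob","domain":""},"public_ip":"192.0.2.44"}
{"time":"2026-06-01T02:18:55Z","event_id":"gateway-connected","status":"failure","endpoint_os_version":"Microsoft Windows 10 Pro 64-bit","source_user_info":{"name":"eve","domain":""},"public_ip":"192.0.2.45"}
this line is truncated and is not valid JSON
"""

def is_empty(value):
    """True for a missing, null, or whitespace-only field."""
    return value is None or (isinstance(value, str) and not value.strip())

def matches_poc_profile(rec):
    info = rec.get("source_user_info")
    if not isinstance(info, dict):  # absent or malformed user info
        info = {}
    return (
        rec.get("event_id") == "gateway-connected"
        and str(rec.get("status", "")).lower() == "success"
        and str(rec.get("endpoint_os_version", "")).strip() == POC_OS_VERSION
        and is_empty(info.get("domain"))
    )

def find_suspect_sessions(lines):
    hits = []
    for line_no, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or corrupt lines rather than abort the search
        if isinstance(rec, dict) and matches_poc_profile(rec):
            hits.append((line_no, rec.get("time"), rec.get("public_ip")))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sessions(SAMPLE_LOGS.splitlines()):
        print(hit)
```

Each hit is a lead for triage: review the session's source address and timing against known users before treating it as unauthorized access.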
Context
Similar Attacks: CISA added CVE-2026-0257 to Known Exploited Vulnerabilities catalog and mandated mitigation for Federal Civilian Executive Branch agencies by June 1, 2026
Source
https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html
by The Hacker News on 2026-06-15T00:00:00Z
2 sources