Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities Help Net Security

Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)

A critical authentication bypass vulnerability (CVE-2026-0257, CVSS 9.1) in Palo Alto Networks GlobalProtect VPN allows attackers to forge authentication cookies to bypass login controls. The vulnerability affects PAN-OS versions prior to 10.2.7, and exploitation has been observed in limited attacks. Palo Alto Networks has released a fix in PAN-OS version 10.2.7.

Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentication probes using forged cookies, but the appliance accepted the cookie without a full VPN session being established in 8 out of 10 impacted [Managed Detection Response] customers.” The good news, though, is that the company hasn’t observed any indication of successful lateral movement …
