A critical authentication bypass vulnerability (CVE-2026-0257, CVSS 9.1) in Palo Alto Networks PAN-OS GlobalProtect gateways is being actively exploited, allowing attackers to establish unauthorized VPN sessions without valid credentials. Affected versions include PAN-OS versions prior to 10.2.7. The fixed version is PAN-OS 10.2.7.
Attackers are actively exploiting a PAN-OS GlobalProtect authentication bypass vulnerability to gain unauthorized VPN access to exposed Palo Alto Networks firewalls. An attacker who successfully exploits CVE-2026-0257 can: - Establish unauthorized VPN sessions through affected GlobalProtect gateways. - Bypass authentication controls without valid user credentials. - Gain network-level access typically reserved for authenticated VPN users. - Potentially facilitate further reconnaissance, lateral movement, or follow-on attacks within the victim environment.