CVE-2026-0257
KEV | EPSS 18.6%
KEV-listed and vendor-confirmed active exploitation within weeks; limited PoC visibility but strong institutional signal.
What: Authentication bypass in Palo Alto Networks PAN-OS GlobalProtect portal and gateway allowing unauthorized VPN access (EPSS 0.2%, no CVSS assigned).
Why it matters: KEV-listed as of 2026-05-29; vendor confirms active in-the-wild exploitation in enterprise environments within 16 days of CVE publication. Panorama and Cloud NGFW are not impacted, which limits blast radius, but VPN gateway compromise is critical.
Where it's seen: Social chatter dominated by vendor confirmation posts and security news aggregators amplifying active exploitation claims. Posts are consistent—no PoC links observed, but defender urgency signaled by KEV addition and vendor advisory timing.
RISK: CRITICAL — Active exploitation confirmed; KEV-listed; VPN authentication bypass grants unauthorized network access.
Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.