Palo Alto VPN bug graduates from advisory to active exploitation

Palo Alto disclosed a PAN-OS vulnerability (CVE-2026-0257) affecting GlobalProtect authentication override cookies that attackers are actively exploiting to bypass VPN authentication and gain unauthorized network access. Rapid7 observed successful exploitation across multiple environments since at least May 17, prompting Palo Alto to raise the severity, issue urgent patches, and CISA to list the flaw in its Known Exploited Vulnerabilities catalog.