U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog
ID: f216e1dd-22a1-5ab5-9dbf-db51a40e65af
STIX ID: report--f216e1dd-22a1-5ab5-9dbf-db51a40e65af
Feed Name: Security Affairs
CISA added PAN-OS CVE-2026-0257 to its Known Exploited Vulnerabilities catalog after Rapid7 observed active exploitation of an authentication-bypass flaw in the GlobalProtect portal/gateway. The vulnerability, which is exploitable when the same certificate is used for HTTPS and cookie encryption, allows attackers to forge cookies and obtain VPN access. Rapid7 observed multiple waves of exploitation, published a PoC and IOCs, and recommends applying patches or mitigations immediately.
