Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited in the Wild

A vulnerability (CVE-2026-0257) in Palo Alto Networks PAN-OS and Prisma Access enabling forged GlobalProtect authentication-override cookies is being actively exploited in the wild; Rapid7 observed two attack waves that probed and in some cases established full VPN sessions, CISA added the CVE to its KEV catalog, and the report provides IOCs (source IPs, machine names, spoofed MAC) plus specific PAN-OS/Prisma Access updates and mitigations to apply immediately.