logo

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

ID: ecca2341-2efb-5286-8f6b-7de0fbcc00db

STIX ID: report--ecca2341-2efb-5286-8f6b-7de0fbcc00db

Feed Name: Palo Alto Networks Unit 42

Threat Score
70/100

Date Published: 2026-06-05

Date Updated: 2026-06-06

Author: Andy Piazza and Unit 42

...
...

Palo Alto Networks Unit 42 observed active exploitation of PAN-OS CVE-2026-0257 — an authentication bypass affecting GlobalProtect portal and gateway — with limited successful gateway-connected sessions observed; the brief provides IoCs (nine IPs and sample host IDs/MACs), detection queries for GlobalProtect logs, and mitigation guidance including reviewing the Palo Alto advisory and applying fixes or workarounds.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.