Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
ID: ecca2341-2efb-5286-8f6b-7de0fbcc00db
STIX ID: report--ecca2341-2efb-5286-8f6b-7de0fbcc00db
Feed Name: Palo Alto Networks Unit 42
Threat Score
Palo Alto Networks Unit 42 observed active exploitation of PAN-OS CVE-2026-0257 — an authentication bypass affecting GlobalProtect portal and gateway — with limited successful gateway-connected sessions observed; the brief provides IoCs (nine IPs and sample host IDs/MACs), detection queries for GlobalProtect logs, and mitigation guidance including reviewing the Palo Alto advisory and applying fixes or workarounds.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
