PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks disclosed CVE-2026-0257, an authentication-bypass affecting PAN-OS GlobalProtect portals/gateways (CVSS 7.8) that can allow attackers to establish unauthorized VPN connections when authentication override cookies and a specific certificate configuration are present; Rapid7 and Palo Alto reported limited active exploitation in multiple waves and recommend urgent patching or mitigations (disable auth override or use a new certificate).