Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

darkreading.com·Jun 1, 2026

A vulnerability in Palo Alto Networks' PAN-OS GlobalProtect VPN allows attackers to bypass authentication and gain unauthorized access, with active exploitation reported since mid-May. Organizations are urged to apply the vendor's patch immediately or implement cybersecurity measures to mitigate the risk.

The most actionable takeaway for you is to treat the Palo Alto Networks PAN-OS GlobalProtect VPN vulnerability (CVE-2026-0257) as a critical issue despite its medium severity CVSS score. Since it's actively being exploited, ensure your organization applies the vendor-supplied patch immediately or implements mitigation strategies, such as using dedicated certificates for authentication-override cookies and disabling the authentication override feature to prevent unauthorized VPN access.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Red Hat npm packages compromised to steal developer credentials

Spain arrests doxer leaking sensitive data of govt employees

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites