Palo Alto VPN flaw now under active exploitation
Authentication bypass vulnerability in GlobalProtect allows attackers to penetrate corporate networks without credentials, company confirms.
Palo Alto Networks has confirmed active exploitation of a critical authentication bypass flaw in its GlobalProtect VPN gateway. The vulnerability, designated CVE-2026-0257, permits attackers to circumvent login requirements and gain unauthorized access to enterprise networks.
The flaw affects PAN-OS, the operating system underlying Palo Alto's firewall and VPN products. Attackers exploiting the vulnerability can bypass authentication mechanisms entirely, rendering username and password protections ineffective. The company issued the warning after detecting exploitation attempts targeting corporate environments.
GlobalProtect is deployed across thousands of enterprises globally as a remote access solution, so the vulnerability's exposure is substantial. Organizations using affected versions face immediate risk of network compromise. Palo Alto has not disclosed the technical mechanism of the bypass or the scope of successful breaches.
- Enterprises running affected PAN-OS versions face immediate unauthorized network access risk
- Security teams must audit GlobalProtect deployments and apply vendor guidance urgently
- Threat actors gain simplified attack path into corporate environments without credential requirements
- Incident response teams should review logs for anomalous VPN authentication patterns