Attackers actively exploit Palo Alto Networks firewall authentication-bypass vulnerability upgraded from medium to critical
By
Matt Kapko
Summary
Palo Alto Networks disclosed an authentication-bypass vulnerability (CVE-2026-0257) in their firewalls on May 13, initially rating it as medium-severity. However, after Rapid7 observed active exploitation in the wild, the company quickly reassessed it as critical. CISA added the vulnerability to its known exploited vulnerabilities catalog. The incident highlights how a seemingly mild vulnerability can rapidly escalate into an urgent security threat requiring immediate response from researchers and threat hunters.
Source
Key quotes
· 3 pulledResearchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers' firewalls.
The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild.
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning.
You might also wanna read
Critical Authentication Bypass Vulnerability Discovered in cPanel & WHM (CVE-2026-41940)
watchTowr Labs reports on a critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM, a widely-used web hosting control
watchTowr Labs·2mo ago
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
WAF - WAF Release - 2025-09-28 - Emergency
WAF - WAF Release - 2025-10-07 - Emergency
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
A security vulnerability (CVE-2026-48800 bypass) has been discovered in Notepad++ v8.9.6.1, the latest patched version. The vulnerability in

Comments
Sign in to join the conversation.
No comments yet. Be the first.