Palo Alto PAN-OS authentication bypass bug (CVE-2026-0257) now actively exploited in the wild
By Carly Page
Summary
Palo Alto Networks disclosed a vulnerability (CVE-2026-0257) in PAN-OS using GlobalProtect authentication override cookies, initially rating it medium-severity. Security researchers at Rapid7 have now confirmed active exploitation in the wild, with attackers bypassing GlobalProtect authentication to gain unauthorized VPN access. This forces Palo Alto customers to perform emergency patching for yet another internet-facing security flaw.
Key quotes
Palo Alto customers are being told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.
Palo Alto disclosed the bug on May 13 and initially assigned it a medium-severity rating, saying it was aware of attempts to exploit it but had not observed any malicious exploitation.
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
