Palo Alto Networks — CVE-2026-0257 GlobalProtect Auth Bypass, CISA KEV

AI relevance: PAN-OS GlobalProtect VPNs are the primary ingress layer protecting AI inference clusters, model serving endpoints, and agent orchestration networks — a bypass grants direct internal access to ML infrastructure.

Palo Alto Networks confirmed active exploitation of CVE-2026-0257, an authentication bypass in the GlobalProtect portal and gateway. CISA added it to the Known Exploited Vulnerabilities catalog on May 29, 2026, following confirmation by Rapid7 of successful exploitation across multiple customer environments since May 17.

  • CVSS 7.8 — authentication override cookies enabled with specific certificate configurations allow unauthenticated VPN connections
  • Two exploitation waves observed by Rapid7: first on May 17, second on May 21 — same threat actor assessed
  • Attackers successfully established VPN sessions with internal IP assignment in at least two cases, gaining network-level access behind the perimeter
  • No follow-on lateral movement detected in observed cases, but the access vector is established
  • Palo Alto Networks raised the exploit maturity rating from "proof of concept" to "attacked in the wild"
  • Temporary mitigation: disable authentication override feature or generate a new certificate exclusively for the override feature
  • This is a distinct flaw from the previously reported CVE-2026-0300 (User-ID RCE) — a separate edge-firewall vulnerability

Why it matters

Organizations running AI model servers, vector databases, and agent tooling behind GlobalProtect VPNs are exposed to direct internal access without authentication. Unlike CVE-2026-0300 (code execution on the firewall itself), this CVE grants lateral positioning inside the network where unprotected AI services typically live.

What to do

  • Patch PAN-OS to the vendor-supplied fixed release immediately
  • Disable the authentication override feature if patching is not yet possible
  • Generate a new certificate for the override feature to invalidate stolen cookies
  • Review VPN logs for unauthorized sessions established since May 17
  • Audit internal AI/ML services for missing network-level authentication between the VPN edge and model endpoints
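The log-review step above is the one defenders can start on before the patch window closes. The script below is an added example (not Palo Alto Networks' or Rapid7's tooling) that triages GlobalProtect-style session records for the exploitation window starting May 17, 2026: it flags connections that were accepted via the authentication override cookie, and notes when such a session came from outside a known corporate egress range or from a user/source pair that never completed an interactive login. The CSV layout, column names, the `auth-override-cookie` label and the `203.0.113.0/24` trusted range are all constructed assumptions for illustration, not the actual PAN-OS log format.

```python
"""Triage GlobalProtect-style VPN session records for CVE-2026-0257 review.

Added example. The record layout below is CONSTRUCTED for illustration; the
column names and the 'auth-override-cookie' label are assumptions, not PAN-OS's
real GlobalProtect log schema. Map your exported logs onto these columns first.
"""
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Start of the exploitation activity reported on the page (May 17, 2026).
EXPLOIT_WINDOW_START = datetime(2026, 5, 17, tzinfo=timezone.utc)
OVERRIDE_METHOD = "auth-override-cookie"            # assumed label for cookie-based auth
TRUSTED_EGRESS = [ip_network("203.0.113.0/24")]     # assumed corporate egress range

# Constructed sample log (RFC 5737 documentation addresses, invented users).
SAMPLE_LOG = """\
time,user,auth_method,public_ip,assigned_ip,event
2026-05-16T22:10:04Z,alice,saml,203.0.113.10,10.20.0.5,gateway-connected
2026-05-17T03:41:19Z,svc-build,auth-override-cookie,198.51.100.77,10.20.0.12,gateway-connected
2026-05-18T09:05:00Z,bob,saml,203.0.113.22,10.20.0.7,gateway-connected
2026-05-21T11:27:44Z,alice,auth-override-cookie,198.51.100.78,10.20.0.13,gateway-connected
2026-05-22T14:00:01Z,carol,auth-override-cookie,203.0.113.40,10.20.0.9,gateway-connected
"""


@dataclass
class Finding:
    time: datetime
    user: str
    public_ip: str
    assigned_ip: str   # the internal address handed out: what an attacker gains
    reasons: list


def parse_records(text):
    """Parse the constructed CSV into dicts with a timezone-aware datetime."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        rows.append(row)
    return rows


def find_suspicious_sessions(text=SAMPLE_LOG, window_start=EXPLOIT_WINDOW_START):
    """Return findings for override-cookie sessions established inside the window.

    Every override-cookie session in the window is reported (the feature is the
    vector); extra reasons are attached when the source looks unusual.
    """
    rows = parse_records(text)
    # (user, public_ip) pairs that completed a non-override (interactive) login
    # at any time: a cookie presented from a never-seen source is a stronger signal.
    interactive_pairs = {
        (r["user"], r["public_ip"]) for r in rows if r["auth_method"] != OVERRIDE_METHOD
    }
    findings = []
    for r in sorted(rows, key=lambda r: r["time"]):
        if r["time"] < window_start or r["event"] != "gateway-connected":
            continue
        if r["auth_method"] != OVERRIDE_METHOD:
            continue
        reasons = ["override cookie accepted inside exploitation window"]
        if not any(ip_address(r["public_ip"]) in net for net in TRUSTED_EGRESS):
            reasons.append("source outside trusted egress")
        if (r["user"], r["public_ip"]) not in interactive_pairs:
            reasons.append("no interactive login from this user/source pair")
        findings.append(
            Finding(r["time"], r["user"], r["public_ip"], r["assigned_ip"], reasons)
        )
    return findings


if __name__ == "__main__":
    for f in find_suspicious_sessions():
        print(f"{f.time.isoformat()} user={f.user} src={f.public_ip} "
              f"internal={f.assigned_ip}: {'; '.join(f.reasons)}")
```

On the constructed sample this reports three sessions: the two from outside the trusted egress range (the same pattern as the May 17 and May 21 waves described above) and one from a trusted range for a user with no prior interactive login. The point of the `assigned_ip` column is the follow-up: each flagged internal address is the starting point for the next step, checking which AI/ML endpoints behind the VPN accepted traffic from it.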

Sources