Palo Alto Networks CVE-2026-0257 — Active Exploitation of GlobalProtect Auth Bypass
AI relevance: AI ops teams running ML infrastructure behind PAN-OS firewalls with GlobalProtect gateways — including GPU clusters, model-serving VMs, and internal AI tooling — are directly exposed to this auth-bypass; once an attacker forges a VPN cookie, they land inside the network segment hosting AI workloads.
What happened
- CVE-2026-0257 is an authentication bypass in PAN-OS and Prisma Access affecting GlobalProtect portals and gateways that have authentication override cookies enabled.
- Palo Alto Networks initially disclosed it on May 13 with a medium severity rating. After Rapid7 confirmed active exploitation, the severity was escalated to critical (CVSS 7.8).
- The exploit is remarkably simple: an attacker can forge a valid authentication cookie using the appliance's publicly available TLS certificate. The entire attack is a single HTTP request.
- Exploitation was first observed May 17 in a customer environment. A second wave hit multiple victims within an hour of each other on May 21.
- CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on May 29, mandating remediation.
- Palo Alto Networks is now actively monitoring exploitation attempts and urging all customers to patch or apply mitigations immediately.
Why it matters
- This is another network-edge authentication bypass on a device whose sole job is to guard the front door — following a pattern seen in prior PAN-OS exploitation waves.
- The simplicity of the exploit (single HTTP request, public TLS cert) means automated scanning and weaponization can spread rapidly once the technique is public.
- The initial medium severity rating likely contributed to slower patch adoption — a recurring theme where under-rated flaws lead to delayed response until active exploitation forces escalation.
- For teams operating AI infrastructure: if your GPU nodes, model servers, or data pipelines sit behind a PAN-OS firewall with GlobalProtect, this is a direct path for an unauthenticated attacker to reach those systems.
What to do
- Apply the PAN-OS patch from Palo Alto Networks immediately — this is in the CISA KEV catalog with mandatory remediation.
- If you cannot patch today, follow Palo Alto's mitigation guidance: disable authentication override cookies on GlobalProtect portals/gateways where possible.
- Review firewall logs for forged-cookie authentication patterns and investigate any unexpected VPN connections since mid-May.
- Audit which network segments are reachable from GlobalProtect-connected sessions — ensure AI workloads are in segmented subnets with additional access controls.
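The log-review step above can be started with a simple triage pass. The script below is an added example, not code from the advisory or from Palo Alto Networks: it scans GlobalProtect-style authentication events for the pattern a forged authentication override cookie would leave, a cookie-based gateway login for a user who never performed an interactive portal login shortly beforehand. The column layout (time, event, auth_method, user, public_ip, status), the event and method names, and all sample records are constructed assumptions for illustration; map them onto the fields of your own GlobalProtect log export before running it against real data.

```python
"""
Heuristic triage of GlobalProtect-style authentication events (added example).

Idea: a legitimate GlobalProtect client first authenticates interactively to
the portal (SAML/LDAP/...) and then presents the resulting override cookie to
the gateway. A cookie-authenticated gateway login with no recent interactive
portal login for the same user is therefore worth investigating.

ASSUMED field layout (constructed for this example, not the real PAN-OS schema):
    time,event,auth_method,user,public_ip,status
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records for demonstration only.
SAMPLE_LOG = """\
2026-05-16T09:00:00,portal-auth,SAML,alice,198.51.100.10,success
2026-05-16T09:00:05,gateway-auth,Cookie,alice,198.51.100.10,success
2026-05-21T03:14:07,gateway-auth,Cookie,svc-gpu-admin,203.0.113.77,success
2026-05-21T03:14:09,gateway-auth,Cookie,bob,203.0.113.77,success
2026-05-21T10:00:00,portal-auth,LDAP,bob,192.0.2.5,success
2026-05-21T10:00:03,gateway-auth,Cookie,bob,192.0.2.5,success
"""


@dataclass(frozen=True)
class AuthEvent:
    time: datetime
    event: str        # assumed values: portal-auth, gateway-auth
    auth_method: str  # assumed values: SAML, LDAP, Cookie, ...
    user: str
    public_ip: str
    status: str       # assumed values: success, failure


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the constructed CSV layout into events sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, event, method, user, ip, status = (f.strip() for f in line.split(","))
        events.append(AuthEvent(datetime.fromisoformat(t), event, method, user, ip, status))
    return sorted(events, key=lambda e: e.time)


def find_orphan_cookie_auths(events: list[AuthEvent], since: datetime,
                             window: timedelta = timedelta(hours=24)) -> list[AuthEvent]:
    """Return successful cookie-based gateway logins at or after `since` whose
    user had no successful interactive portal login within `window` before.

    `window` should match the configured lifetime of the override cookie, so
    that a cookie reused legitimately within its lifetime is not flagged.
    """
    last_portal: dict[str, datetime] = {}
    suspicious: list[AuthEvent] = []
    for e in events:  # events are time-ordered, so state is built as we go
        if e.status != "success":
            continue
        if e.event == "portal-auth" and e.auth_method.lower() != "cookie":
            last_portal[e.user] = e.time
        elif e.event == "gateway-auth" and e.auth_method.lower() == "cookie" and e.time >= since:
            prior = last_portal.get(e.user)
            if prior is None or e.time - prior > window:
                suspicious.append(e)
    return suspicious


def run_triage(log_text: str, since_iso: str) -> list[tuple[str, str, str]]:
    """Convenience wrapper: returns (time, user, public_ip) for each hit."""
    hits = find_orphan_cookie_auths(parse_log(log_text), datetime.fromisoformat(since_iso))
    return [(h.time.isoformat(), h.user, h.public_ip) for h in hits]


if __name__ == "__main__":
    # Exploitation was first observed mid-May; review everything from the
    # initial disclosure date onward.
    for when, user, ip in run_triage(SAMPLE_LOG, "2026-05-13"):
        print(f"INVESTIGATE  {when}  user={user}  public_ip={ip}  cookie auth without prior portal login")
```

On the constructed sample, alice's and bob's second sessions are preceded by interactive portal logins and pass, while the two 03:14 cookie logins from 203.0.113.77 have no such login and are reported. Treat hits as leads, not verdicts: a user whose portal login predates the export window will also be flagged, so pull enough history to cover the full cookie lifetime and correlate the reported public IPs against your other sources.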