- Critical PAN-OS flaw exploited in the wild
- Authentication Bypass Allows Unauthorized VPN Access
- CISA added CVE-2026-0257 to the KEV catalog
A recently discovered vulnerability in PAN-OS, the operating system that powers Palo Alto’s firewalls, is being actively exploited in the wild, researchers say, urging customers to apply the provided patch as soon as possible.
In mid-May of this year, Palo Alto disclosed an authentication bypass flaw in the Global Protect portal and gateway that allows threat actors to bypass security restrictions and establish an unauthorized VPN connection. The bug is now tracked as CVE-2026-0257 and assigned a severity score of 9.1/10 (critical).
Earlier this week, Rapid7 security researchers said they saw threat actors successfully exploiting this bug in attacks: “Rapid7 MDR identified a successful exploit on numerous customers, however, we did not observe any indication of successful lateral movement of devices,” Rapid7 said in its report. “The earliest date for observed exploitation was May 17, 2026. As of May 29, 2026, this vulnerability was added to the CISA KEV.”
Added to CISA KEV
The news also led the US Cybersecurity and Infrastructure Security Agency (CISA) to add the bug to its catalog of Known Exploited Vulnerabilities (KEV), giving Federal Civil Executive Branch (FCEB) agencies a deadline to patch or stop using PAN-OS-powered devices entirely.
Initially, the bug received a medium severity score, but since it became real-life attacks, the rating has also been raised:
“Palo Alto Networks has become aware of limited exploitation attempts on unpatched PAN-OS devices with no mitigations applied,” the company said.
Different versions of PAN-OS are affected: versions 12.1 before 12.1.4-h6 or 12.1.7, versions 11.2 before 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 or 11.2.12, versions 11.1 before 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 or 11.1.15 and 10.2 versions earlier than 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 or 2.10.18-h6.
Prisma Access 10.2 and 11.2 deployments running vulnerable versions are also vulnerable. Palo Alto issued a staggered patch schedule starting May 15, 2026, with additional updates rolling out from May 28 to May 29, 2026, depending on the PAN-OS version.
Through The Registry
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
