Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks has issued an urgent warning that threat actors are actively exploiting a critical authentication bypass vulnerability in PAN-OS GlobalProtect, tracked as CVE-2026-0257. The flaw allows unauthenticated remote attackers to bypass authentication mechanisms and gain unauthorized access to corporate networks. The company has released security updates for affected versions and strongly recommends immediate patching. According to BleepingComputer, the exploit is being used in real-world attacks, and organizations using GlobalProtect VPN should apply patches as soon as possible. No specific patch version or date was provided in the excerpt, but Palo Alto Networks typically provides updates through their security advisory portal. The vulnerability underscores the ongoing risk of VPN-related flaws being targeted by attackers to breach enterprise networks.
Developers must patch CVE-2026-0257 immediately to prevent unauthorized network access.