
What is the Vulnerability?

CVE-2026-0257 is a high-severity authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS and certain Prisma Access deployments. Successful exploitation allows an unauthenticated remote attacker to bypass security controls and establish unauthorized VPN connections without valid credentials. Palo Alto Networks, Unit 42, Rapid7, and other security researchers have confirmed active exploitation in the wild, prompting inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability impacts deployments that use GlobalProtect authentication override cookies in combination with specific certificate configurations. Threat actors can forge or manipulate authentication cookies to circumvent normal authentication requirements and gain network access.

What is the recommended Mitigation?

Affected products include vulnerable versions of:

• Palo Alto Networks PAN-OS with GlobalProtect enabled.

• Prisma Access deployments running vulnerable releases.

According to Palo Alto Networks, Panorama and Cloud NGFW are not affected by this vulnerability.

Recommended Actions

• Upgrade PAN-OS and Prisma Access deployments to fixed versions identified by Palo Alto Networks.

• Disable authentication override cookies if operationally feasible.

• Review GlobalProtect configurations for affected authentication settings.

• Monitor VPN authentication logs for anomalous or unauthorized access.

• Investigate successful VPN connections originating from unexpected users, geographies, or devices.

• Validate that all externally exposed GlobalProtect gateways are fully patched.
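
One way to carry out the two log-review actions above, added here as an example and not code from Palo Alto Networks or FortiGuard. It flags successful cookie-authenticated logins that have no credential login behind them or that come from a new country or device. The CSV columns, the `cookie`/`password` values and the 24-hour lifetime are assumptions for a normalized log export, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample events in a normalized CSV export. Column names and the
# auth_method values are assumptions, not PAN-OS log field names.
SAMPLE_LOG = """\
time,user,src_country,device_id,auth_method,result
2026-01-10T08:00:00,alice,US,LAPTOP-A1,password,success
2026-01-10T12:30:00,alice,US,LAPTOP-A1,cookie,success
2026-01-10T13:00:00,bob,RO,HOST-X9,cookie,success
2026-01-11T09:15:00,alice,BR,HOST-Z3,cookie,success
2026-01-11T09:20:00,carol,US,LAPTOP-C7,password,failure
"""

COOKIE_LIFETIME = timedelta(hours=24)  # assumption: use your configured lifetime


def review_cookie_logins(log_text, lifetime=COOKIE_LIFETIME):
    """Return (time, user, reasons) for successful cookie logins needing review."""
    last_cred = {}  # user -> time of last successful credential login
    known = {}      # user -> (country, device) pairs seen on credential logins
    findings = []
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for r in rows:
        if r["result"] != "success":
            continue
        ts = datetime.fromisoformat(r["time"])
        user, origin = r["user"], (r["src_country"], r["device_id"])
        if r["auth_method"] != "cookie":
            last_cred[user] = ts
            known.setdefault(user, set()).add(origin)
            continue
        reasons = []
        prev = last_cred.get(user)
        if prev is None:
            reasons.append("no prior credential login")
        elif ts - prev > lifetime:
            reasons.append("no credential login within cookie lifetime")
        if prev is not None and origin not in known[user]:
            reasons.append("new country/device")
        if reasons:
            findings.append((r["time"], user, reasons))
    return findings


if __name__ == "__main__":
    for finding in review_cookie_logins(SAMPLE_LOG):
        print(finding)
```

The log window must reach back at least one cookie lifetime before the period under review; otherwise legitimate cookie logins show up as having no prior credential login.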

What FortiGuard Coverage is available?

• FortiGuard Intrusion Prevention System (IPS) Service: Provides protection against exploitation attempts targeting CVE-2026-0257 and related GlobalProtect authentication bypass activity.

• FortiGuard Antivirus & Behavior Detection: Detects and blocks malware or post-compromise activity that may be delivered following unauthorized VPN access.

• FortiGuard Attack Surface Security Service: Helps identify externally exposed PAN-OS GlobalProtect services and vulnerable internet-facing assets.

• FortiGuard Incident Response Service: Assists organizations in investigating unauthorized VPN access, determining the scope of compromise, and supporting remediation efforts following exploitation.