🚨 CRITICAL ALERT: Active Zero-Day Exploits

CVE-2026-0257 is a high-risk authentication bypass in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components that can let an attacker establish an unauthorized VPN connection and bypass security restrictions.[1][2] Palo Alto Networks marks the issue as a critical vulnerability in CVSS v3 terms (9.8) and NVD shows it in CISA’s Known Exploited Vulnerabilities catalog, indicating active exploitation risk that requires immediate attention.[2][4]

Critical Vulnerabilities (CVSS >= 8.0)

• CVE-2026-0257 (CVSS: 9.1): Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted. This CVE is listed in CISA KEV, making it an active exploitation concern.[1][2] View NVD | CISA KEV

⚡ Immediate Actions Required

Prioritize emergency review of all PAN-OS firewalls exposing GlobalProtect portal or gateway services, especially where authentication override cookies are enabled and the required certificate configuration exists.[1] Disable Authentication Override where operationally possible, or switch to a dedicated certificate for authentication override cookies as Palo Alto Networks recommends.[1] Confirm whether your systems fall within the affected PAN-OS versions and apply vendor guidance immediately, because KEV-listed vulnerabilities require urgent remediation and internet-facing VPN services are a prime target for unauthorized access.[1][2]