CRITICAL: Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation
An authentication bypass flaw in PAN-OS GlobalProtect portal and gateway (CVE-2026-0257, CVSS 9.1) is under active exploitation. Rapid7 confirmed in-the-wild attacks beginning May 17, and the CISA federal remediation deadline expired June 1. Patches and workarounds are available across PAN-OS 10.2, 11.1, 11.2, and 12.1 branches.
The CISA Known Exploited Vulnerabilities deadline came and went yesterday, June 1, and if your federal agency or any organization that pays attention to KEV mandates is still running an unpatched GlobalProtect portal, you are officially out of time. CVE-2026-0257 is the kind of vulnerability that nobody wants in their perimeter device. It is an authentication bypass in Palo Alto Networks PAN-OS GlobalProtect, the VPN portal and gateway component that sits at the edge of countless enterprise networks and proxies user credentials into the internal environment. Rapid7 watched it get exploited in customer environments starting May 17, observed a second wave on May 21, and attributed both campaigns to the same adversary working through a specific cookie validation flaw that has been quietly present in PAN-OS for some time.
The technical lineage is almost embarrassing. The root cause is classified as CWE-565, "Reliance on Cookies without Validation and Integrity Checking," which is the kind of weakness security textbooks use as a cautionary tale rather than something you expect to find in a flagship firewall. When GlobalProtect is configured with the authentication override feature and a particular certificate setup, the portal accepts an attacker-crafted cookie as if it were a legitimately issued one. The attacker does not need credentials. The attacker does not need a foothold. The attacker needs a network path to your GlobalProtect portal, which by definition is exposed to the internet, and a request that mimics the right cookie shape. That is enough to be assigned an internal VPN IP address and start moving.
NVD scored the bug at CVSS 9.1 under version 3.1, putting it firmly in the critical band. Palo Alto Networks scored it at 7.8 under the newer CVSS 4.0 framework, calling it high severity in their own advisory. There is going to be debate about which number is more honest, and the answer almost does not matter, because the only score that should drive your response is the one CISA assigned when they added the CVE to the Known Exploited Vulnerabilities catalog with a hard federal remediation deadline of June 1, 2026. That deadline expired roughly eighteen hours ago. The exploitation is real, the patches exist, and the calculus is simple.
Affected versions cover essentially every supported PAN-OS release branch. PAN-OS 12.1 is vulnerable before 12.1.4-h6 or 12.1.7. The 11.2 branch needs to be on 11.2.4-h17, 11.2.7-h14, 11.2.10-h7, or 11.2.12 to be considered patched. The 11.1 branch is more fragmented and includes fixes at 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, and 11.1.15. PAN-OS 10.2 customers, who tend to be the ones running long-lived production firewalls, need to reach 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, or 10.2.18-h6 depending on which hotfix train they are riding. Prisma Access customers on 11.2.0 must reach 11.2.7-h13, and those still on 10.2.0 need 10.2.10-h36. Cloud NGFW and Panorama appliances are not affected, which is one of the few pieces of good news in this advisory.
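A version triage helper, added here as an illustration and not from Palo Alto Networks or any vendor tool: it parses a PAN-OS version string (including the `-hN` hotfix suffix) and compares it against the fixed releases listed above. It assumes that maintenance releases newer than the last listed fix in a branch also contain the fix, and that a branch absent from the table cannot be judged.

```python
import re
from typing import Optional, Tuple

# Fixed releases per branch, exactly as listed in the advisory text above.
FIXED = {
    "12.1": ["12.1.4-h6", "12.1.7"],
    "11.2": ["11.2.4-h17", "11.2.7-h14", "11.2.10-h7", "11.2.12"],
    "11.1": ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6",
             "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    "10.2": ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21",
             "10.2.16-h7", "10.2.18-h6"],
}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Split 'major.minor.maint[-hN]' into ints; a missing hotfix counts as 0."""
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {v!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_patched(version: str) -> Optional[bool]:
    """True if the version is at or beyond a listed fix, False if not,
    None if the branch is not covered by the table."""
    major, minor, maint, hotfix = parse_version(version)
    fixes = FIXED.get(f"{major}.{minor}")
    if fixes is None:
        return None
    fixed = [parse_version(f) for f in fixes]
    for _, _, fmaint, fhotfix in fixed:
        # Same maintenance release: the hotfix number must reach the fix level.
        if maint == fmaint and hotfix >= fhotfix:
            return True
    # Assumption: maintenance releases after the last listed fix include it;
    # intermediate releases not listed (e.g. 12.1.5) are treated as unpatched.
    return maint > max(f[2] for f in fixed)


if __name__ == "__main__":
    for v in ["10.2.13-h21", "10.2.13-h20", "11.1.8", "12.1.7", "10.1.9"]:
        print(f"{v:14} patched={is_patched(v)}")
```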
There is a wrinkle that organizations should not gloss over. The patch regenerates the authentication override cookies using a stronger cryptographic process, which means every user who had a valid session prior to the upgrade will be forced to authenticate again the first time they reconnect. That is a small price for closing the bug, but help desks should expect an inbox full of "my VPN broke" tickets on the morning the upgrade lands. Communicating the change before the maintenance window is the difference between a smooth rollout and a Monday morning blame storm.
For organizations that cannot patch immediately because of change control, regulatory testing requirements, or the perennial issue of a firewall pair that has to be upgraded in a specific sequence to avoid an outage, Palo Alto Networks has provided a credible interim mitigation. Disabling the authentication override cookie option in the portal configuration removes the attacker's primary vector. If business processes depend on that feature being on, the alternative is to generate a brand new certificate that is used exclusively for the authentication override functionality and is not shared with any other portal component. That binding makes the attack significantly harder to pull off because the attacker no longer has a predictable cookie format to forge. Neither workaround is a substitute for the patch, but either one will buy the window needed to plan a real upgrade.
Detection is where most defenders are going to struggle, because the exploit produces traffic that looks superficially like a normal GlobalProtect connection. The attackers Rapid7 observed were not crashing the portal or generating screaming volumes of failed authentications. They were quietly establishing sessions, receiving internal VPN IP allocations, and then sitting on those sessions. The most useful signals for hunting are the connection records themselves. Any GlobalProtect session that produces a VPN IP allocation without a corresponding authentication event in the user log, any session originating from an unusual ASN that has never previously connected for that user, and any cookie reuse pattern that suggests session replay are all worth investigating. If your SIEM ingests PAN-OS authd logs, run a search for successful portal connections that lack a matching userid mapping event in the same window. That gap is the fingerprint of cookie-based authentication bypass. Network telemetry showing internal scanning or SMB enumeration from VPN IP pools shortly after a session establishment is the second tripwire, since the threat actor's likely next move is to begin reconnaissance against internal targets.
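The two hunting checks described above (a VPN IP allocation with no authentication event for that user in the same window, and a source ASN never seen before for that user) as a small correlator, added here as an example rather than a PAN-OS or Rapid7 query. The record layout and the sample events are constructed for illustration; in practice they would be populated from the authd and gateway logs the SIEM already ingests.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # how close an auth event must be to the session


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def find_suspicious_sessions(sessions, auth_events, known_asns, window=WINDOW):
    """sessions: dicts with user, src_asn, vpn_ip, time (VPN IP allocations).
    auth_events: dicts with user, time (successful portal authentications).
    known_asns: user -> set of ASNs seen in a clean baseline period.
    Returns [(session, [reason, ...])] for sessions that trip either check."""
    auths_by_user = defaultdict(list)
    for a in auth_events:
        auths_by_user[a["user"]].append(_ts(a["time"]))
    findings = []
    for s in sessions:
        t = _ts(s["time"])
        reasons = []
        # Check 1: an allocation with no auth event in the preceding window.
        if not any(t - window <= at <= t for at in auths_by_user.get(s["user"], [])):
            reasons.append("vpn ip allocated without matching authentication event")
        # Check 2: a source network this user has never connected from.
        if s["src_asn"] not in known_asns.get(s["user"], set()):
            reasons.append("source ASN never seen for this user")
        if reasons:
            findings.append((s, reasons))
    return findings


# Constructed sample telemetry (not real logs). ASNs are from the
# documentation range 64496-64511.
SESSIONS = [
    {"user": "alice", "src_asn": 64496, "vpn_ip": "10.200.0.11", "time": "2026-05-18 10:00:30"},
    {"user": "bob",   "src_asn": 64500, "vpn_ip": "10.200.0.12", "time": "2026-05-18 10:05:00"},
    {"user": "carol", "src_asn": 64497, "vpn_ip": "10.200.0.13", "time": "2026-05-18 10:10:00"},
]
AUTHS = [
    {"user": "alice", "time": "2026-05-18 10:00:10"},  # within window: normal
    {"user": "carol", "time": "2026-05-18 09:30:00"},  # too old to explain the session
]
BASELINE = {"alice": {64496}, "bob": {64496}, "carol": {64497}}

if __name__ == "__main__":
    for session, reasons in find_suspicious_sessions(SESSIONS, AUTHS, BASELINE):
        print(session["user"], session["vpn_ip"], "->", "; ".join(reasons))
```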
Rapid7 publicly noted that in the environments where they confirmed exploitation, they did not observe follow-on activity at the time of reporting. That is either good news or extremely bad news depending on how you read it. The optimistic interpretation is that the adversary was opportunistically harvesting access and had not yet acted on it. The pessimistic interpretation is that the adversary established a beachhead, took quiet notes about the environment, and is waiting for a moment of their choosing. Either way, the assumption needs to be that any organization running a vulnerable configuration during the May 17 to present window may have had unauthorized VPN sessions established. Reviewing connection logs for that window is mandatory. Rotating any credentials that touched internal services accessible from VPN IP space is a defensible precaution given the uncertainty.
The broader story here matches a pattern that has dominated 2026. Perimeter security devices keep producing critical authentication bypass vulnerabilities, attackers keep operationalizing them within days of disclosure, and CISA keeps adding them to the KEV catalog with aggressive deadlines. Ivanti, Fortinet, Citrix, and now Palo Alto Networks have each had their turn in the rotation. Every one of these flaws shares a structural feature, which is that the vulnerable device sits at the network edge with no protection in front of it and full authority over internal access decisions. The lesson is not that any one vendor is uniquely terrible. The lesson is that the security model of a single network appliance acting as the front door to the corporate network is fragile, and zero trust architectures that assume the perimeter will be breached are the structural answer to a recurring tactical problem.
For MSPs and managed security providers, this is exactly the kind of incident that justifies the existence of a managed firewall service. Clients on a co-managed plan get the upgrade scheduled, the workarounds applied, the log review performed, and the user communication drafted while their internal IT team focuses on the rest of their day. Clients without that service get to discover the CVE on Twitter, panic at four in the afternoon, and then call you for help. There is a real conversation to be had at the next quarterly review about pricing in proactive vulnerability response as a line item rather than a favor. The Palo Alto Networks customers who got patched in the first 72 hours after disclosure are the ones whose MSPs treat the CISA KEV catalog as an actionable feed rather than a newsletter, and that operational difference is sellable.
References
- NVD CVE-2026-0257: https://nvd.nist.gov/vuln/detail/CVE-2026-0257
- Palo Alto Networks Security Advisory CVE-2026-0257: https://security.paloaltonetworks.com/CVE-2026-0257
- The Hacker News: PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
- CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog