Security

Palo Alto GlobalProtect CVE-2026-0257: the second 2026 network-perimeter auth bypass

Jorge de los Santos, CTO & Co-Founder · June 3, 2026 · 13 min read

CVE-2026-0257 is a CVSS 7.8 auth bypass in PAN-OS GlobalProtect. When the cert encrypting the override cookie is shared with another feature, an unauthenticated attacker can forge it and open a VPN session. Some victims got full internal-network access.

Palo Alto GlobalProtect CVE-2026-0257: the second 2026 network-perimeter auth bypass

An Authentication Bypass on the VPN Gateway Is a Bypass of the Perimeter Itself

CVE-2026-0257 is an authentication bypass in Palo Alto Networks PAN-OS and Prisma Access, rated CVSS 7.8, disclosed by the vendor on 2026-05-13. The affected surface is GlobalProtect — the remote-access VPN portal and gateway that, for a very large share of enterprises, is the network perimeter for a remote workforce. A flaw that lets an attacker walk through GlobalProtect without credentials is not a flaw in one feature. It is a flaw in the front door.

The mechanism is specific and worth getting right. GlobalProtect supports a non-default feature called authentication override, which lets the portal and gateway issue a session cookie — a bearer-token-style credential — to a user who has already authenticated, so the user does not have to re-authenticate on every connection. That cookie is encrypted and decrypted with a certificate. The vulnerability bites when that certificate is shared with another feature — most commonly the HTTPS service of the portal or gateway itself. When the same certificate is reused across both purposes, a remote, unauthenticated attacker can forge a valid authentication-override cookie and present it to the gateway as proof of a session that never happened.

The result is a remote, unauthenticated attacker establishing an unauthorized VPN connection through the gateway. No stolen password. No phished MFA token. A forged cookie, accepted by the gateway as if it were genuine.


See the IAN team run on your cloud. We connect to your AWS account via a scoped read-only role, run the Observe-tier agents, and leave you with a concrete audit report — cost waste, security exposure, compliance gaps, and a labor-offset estimate. You keep the findings regardless of next steps. Get a free infrastructure audit →


Two Waves, Four Days, and Full Internal-Network Access

The timeline is the part that should change how a security team budgets its week. Palo Alto disclosed the flaw on 2026-05-13. Rapid7’s managed-detection-and-response team observed active exploitation roughly four days later — the gap between “advisory published” and “attackers using it” measured in days, not months. A second wave of exploitation landed on 2026-05-21, assessed as likely the same threat actor, this time operating from a hosting provider.

The second wave is where the abstract severity became concrete operational damage. In that wave, some victims had full VPN IP assignments granted after the cookie authentication — meaning the forged session did not just get the attacker past the gateway, it placed them on the internal network with a routable address, with the same reach a legitimate remote employee would have. An authentication bypass on the VPN gateway is, in the worst realized case, direct internal-network access for an attacker who never held a credential.

A One-Day Window: The KEV Deadline Reads June 1

CISA added CVE-2026-0257 to the Known Exploited Vulnerabilities catalog on 2026-05-29, with a federal-civilian remediation deadline of 2026-06-01. Effectively a weekend.

That deadline is the operational fact, not a footnote. A KEV deadline is binding for federal civilian agencies and is the de-facto standard cyber-insurance underwriters and enterprise-security programs measure against. A near-immediate deadline on an actively exploited perimeter auth-bypass, against a product that sits at the literal edge of the network, is the clearest possible statement of the tempo the defense has to match. The fixed releases — among them PAN-OS 12.1.4-h6 / 12.1.7, 11.2.12, 11.1.15, and 10.2.18-h6 — only protect the instances actually upgraded, and the clock on exposure runs until each one is.

No quarterly patch cycle survives a weekend deadline on the VPN gateway. The only defense that operates on this timescale is one already watching the gateway inventory, already mapping the deadline to the affected version, and already moving on the reversible mitigations before a human finishes reading the advisory.

The Network-Perimeter Auth-Bypass Pattern Now Has Two 2026 Entries

This piece is the second corner of a pattern the IAN catalog opened with the Cisco Catalyst SD-WAN piece:

  • Cisco Catalyst SD-WAN CVE-2026-20182 put a CVSS 10.0 authentication bypass on the network control plane (the SD-WAN controller/manager) on the public exploitation record, with a three-day KEV deadline.
  • PAN-OS GlobalProtect CVE-2026-0257 now puts an authentication bypass on the network access perimeter (the remote-access VPN gateway) on it, with a near-immediate KEV deadline.

Read together, they are the same lesson from two adjacent surfaces: the device that decides who is trusted on the network is the highest-value target on the network. Compromise the SD-WAN controller and you reconfigure every edge device. Compromise the GlobalProtect gateway and you mint trusted network sessions at will. In both cases the attacker is not breaking into the network the slow way — they are subverting the thing that grants access to it, and inheriting the trust that surface confers. The attacker economics favor the access-granting surface over the assets behind it.

What a Defensible Network Perimeter Demands — and Why It Is Continuous

Take the access-granting-surface-as-target pattern as the operating assumption and a concrete set of obligations falls out, none satisfied by “we patched GlobalProtect.”

1. Continuous inventory of every perimeter and access-granting asset and its version. Which GlobalProtect portals and gateways, which SD-WAN controllers, which VPN concentrators and identity gateways exist, at what PAN-OS / firmware versions, reachable from where. A perimeter device you do not know you run is one you cannot patch by Monday.

2. Continuous configuration-risk reconciliation, not just version-watch. CVE-2026-0257 only bites when the authentication-override certificate is shared with another feature. That is a configuration condition, not just a version condition — so the watch has to read the actual config (is the override cert reused with the HTTPS service?) and flag the exploitable combination, not merely the vulnerable build number.

3. Continuous KEV-watch mapped to that inventory. The KEV catalog is the live exploitation signal; the gateway inventory is the exposure surface. The continuous join of the two — which KEV entry hits which running gateway, on which version, with which deadline — is the workload, and the next perimeter KEV entry is already being written.

4. Deadline-driven remediation under capability-tier governance. A weekend deadline cannot wait for a change-approval meeting. Reversible, scoped mitigations — rotating the shared certificate, separating the override cert from the HTTPS service, tightening gateway exposure — are Operate-tier actions that can auto-execute; the version upgrade itself is an Administer-tier action gated behind explicit approval. The governance model lets the fast actions run automatically while the irreversible ones stay human-controlled.

5. An immutable audit trail of every detection, config change, mitigation, and patch. A weekend KEV deadline on the VPN gateway is precisely the event internal audit, cyber-insurance underwriting, and federal-contracting compliance chains will demand an auditor-readable timeline of — when the entry appeared, when the affected gateway was identified, when the certificate was separated, when the upgrade confirmed.

Each obligation is a continuous workload across a surface that changes by the day. The aggregate exceeds what a stretched platform-security team can carry by hand against a one-day deadline and a two-wave exploitation curve.

How IAN Helps: A Security Agent on the Active Operational Layer

The active operational layer is the response. IAN runs a team of specialized agents rather than a dashboard that waits for a human to read it. A security agent runs continuous perimeter-asset inventory and KEV-watch, reads the actual gateway configuration to catch the exploitable certificate-sharing condition, joins the live exploitation signal to the running gateway list, and drives deadline-aware remediation as Operate- and Administer-tier work — auto-executing the scoped, reversible mitigations (certificate separation and rotation, exposure tightening) and gating the irreversible upgrades behind explicit approval. It coordinates with the resource-operations agent on the asset-and-topology map so the exposure calculation is current, and every action is appended to the immutable audit trail.

Because the interface is MCP-first, the engineers already living in Claude, Cursor, and Claude Code drive the layer from the clients they already use, and BYOK on the model keys means the customer’s inference spend stays in their own provider account while the orchestration is what they pay for.

The Three-Phase Rollout

Observe. The security agent connects read-only, inventories the perimeter and access-granting assets and their versions, reads their configuration for the exploitable certificate-sharing condition, and continuously reconciles them against the KEV catalog — surfacing exactly which entries hit which running gateways, with which deadline, no action taken.

Operate. With approval gates configured, the agent begins executing the reversible, in-policy mitigations the moment a KEV entry maps to a running gateway — separating and rotating the shared certificate, tightening exposure, queueing the version upgrade for approval — every step audited.

Cross-agent loop. The security agent, the resource-operations agent, and the compliance agent run as a coordinated team: the deadline drives the remediation, the topology drives the exposure, and the audit trail captures the whole timeline as a single reviewable record.

The 2026 read: the access-granting surface is the target, the deadline is a weekend, the exploitation curve arrived in two waves, and the only defense that operates on that timescale is the active operational layer.


Get a free infrastructure audit → | See pricing →

Next step: talk to the team

30 minutes. We'll look at your cloud together and scope what we'd take off your plate — see pricing.

Related Posts