WARNING: Active Exploitation of Palo Alto VPN Flaw

Source Domain: www.linkedin.com

Cybersecurity researchers and government agencies are sounding the alarm after attackers began actively exploiting a newly disclosed vulnerability affecting Palo Alto Networks’ widely used GlobalProtect VPN platform, raising fears of large-scale corporate network intrusions.

The flaw, tracked as CVE-2026-0257, affects PAN-OS software used in Palo Alto Networks firewall appliances and enables threat actors to bypass authentication protections under certain configurations. Security experts warn the vulnerability could allow unauthorized users to establish VPN connections into enterprise environments without possessing legitimate credentials.

The vulnerability was initially disclosed earlier this month with a “Medium” severity rating. However, Palo Alto Networks sharply escalated its assessment on Friday after confirming that hackers had already begun exploiting unpatched systems in real-world attacks.

The company now classifies the issue as “High” severity following evidence of active exploitation targeting internet-facing GlobalProtect gateways.

The development highlights growing concerns within the cybersecurity community over the speed at which attackers weaponize newly disclosed vulnerabilities, particularly those affecting remote access infrastructure widely deployed across corporate and government networks.