{"id":273376,"date":"2026-06-15T07:11:00","date_gmt":"2026-06-15T11:11:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/15\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw\/"},"modified":"2026-06-15T07:35:14","modified_gmt":"2026-06-15T11:35:14","slug":"palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/15\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw\/","title":{"rendered":"Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/193638\/security\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html\">Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193638\/security\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html\">https:\/\/securityaffairs.com\/193638\/security\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-15 07:11:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> June 15, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/05\/Palo-Alto-Networks.png?fit=364%2C138&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 
class=\"wp-block-heading\">Palo Alto Networks warns that attackers are actively exploiting CVE-2026-0257, a PAN-OS flaw that lets unauthorized users bypass authentication and establish VPN connections.<\/h2>\n<p class=\"wp-block-paragraph\">Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a PAN-OS authentication bypass vulnerability affecting GlobalProtect portals and gateways.<\/p>\n<p class=\"wp-block-paragraph\">Palo Alto Networks\u00a0addressed the vulnerability\u00a0on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. In early June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0CVE-2026-0257 to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p class=\"wp-block-paragraph\">The flaw affects the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS, allowing attackers to bypass authentication and establish unauthorized VPN connections. The vulnerabilities do not affect Panorama or Cloud NGFW deployments.<\/p>\n<p class=\"wp-block-paragraph\">\u201cAuthentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection,\u201d\u00a0reads the advisory.<\/p>\n<p class=\"wp-block-paragraph\">If the same certificate is used for both the HTTPS service and the cookie encryption feature, which is a common misconfiguration, an attacker can grab the public key straight from the HTTPS session. Armed with that key, they can craft a cookie for any user, including the local admin account, that the device will accept as legitimate. No credentials required. Rapid7\u2019s Labs team built a proof-of-concept script that demonstrates this in full: retrieve the certificate chain, iterate through each certificate, forge a cookie, test it. 
The whole attack takes seconds against a vulnerable appliance.<\/p>\n<p class=\"wp-block-paragraph\">\u201cIf we look at&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193638\/security\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw https:\/\/securityaffairs.com\/193638\/security\/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":273378,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/05\/Palo-Alto-Networks.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-273376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273376"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=273376"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273376\/revisions"}],"predecessor-version":[{"id":273379,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273376\/revisions\/273379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/273378"}],"wp:attach
ment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=273376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=273376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=273376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}