GlobalProtect VPN Authentication Bypass Exploited by Hackers CVE 2026-0257
Hacker Exploits Palo Alto GlobalProtect VPN Authentication Bypass Vulnerability
A critical vulnerability discovered in Palo Alto Networks’ GlobalProtect VPN system has been exploited by hackers, allowing them to bypass authentication controls and gain unauthorized access to networks.
Vulnerability Details
- The vulnerability, identified as CVE-2026-0257, was publicly disclosed by Palo Alto Networks on May 13.
- Rapid7 researchers observed successful exploitation attempts using forged cookies, which were accepted by the appliance without establishing a full VPN session in eight out of ten affected customers.
- T
About Author
English