Palo Alto Networks Cybersecurity Flaw Exposed for Weeks
Palo Alto Networks Alert: Threat Actors Began Targeting Authentication Bypass Vulnerability Four Days Post-Disclosure
Exploitation attempts against a critical security vulnerability in Palo Alto Networks’ PAN-OS, tracked as CVE-2026-0257, were identified by Rapid7 just four days after public disclosure.
- This high-severity security defect enables attackers to bypass restrictions and establish VPN connections to vulnerable appliances.
- Palo Alto Networks released fixes for the bug on May 13, warning that it affects firewalls with GlobalProtect portal or gateway enabled, under certain configurations.
Rapid7’s Observations and Recommendations
Rapid7 reported that on May 21 threat actors initiated exploitation efforts against unpatched PAN-OS devices that had no mitigations applied.
The US Cybersecurity and Infrastructure Security Agency (CISA) added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it by June 1.
Available Resources for Affected Organizations
A proof-of-concept (PoC) script has been published to aid organizations in identifying vulnerable Palo Alto Networks firewalls within their environments.
- Indicators of Compromise (IoCs) have also been released to assist defenders in detecting potential compromises.
- The company encourages affected organizations to update to a patched version as soon as possible.
Actionable Steps for Affected Organizations
Multiple versions of Palo Alto Networks software have received patches, including:
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- Prisma Access 11.2.0
- Prisma Access 10.2.0
Organizations should prioritize updating these systems to prevent exploitation of the vulnerability.
