- Critical PAN‑OS flaw exploited in the wild
- Authentication bypass allows unauthorized VPN access
- CISA added CVE‑2026‑0257 to the KEV catalog
A recently discovered vulnerability in PAN-OS, the operating system that powers Palo Alto’s firewalls, is being actively exploited, researchers say, urging customers to apply the provided patch as soon as possible.
In mid-May of this year, Palo Alto disclosed an authentication bypass flaw in the Global Protect portal and gateway that allows malicious actors to bypass security restrictions and establish an unauthorized VPN connection. The bug is now tracked as CVE-2026-0257 and assigned a severity score of 9.1/10 (critical).
Earlier this week, Rapid7 security researchers said they had seen malicious actors successfully exploit this bug in attacks: “Rapid7 MDR has identified successful exploitation across many customers, but we have not observed any indication of successful lateral movement of devices,” Rapid7 said in its report. “The first observed exploitation date was May 17, 2026. As of May 29, 2026, this vulnerability was added to CISA KEV.”
Added to CISA KEV
The news also prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add the bug to its Catalog of Known Exploited Vulnerabilities (KEVs), giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch or completely stop using PAN-OS-powered devices.
Initially, the bug was given a medium severity rating, but since it turned into real attacks, the rating has also been high:
“Palo Alto Networks has become aware of limited exploitation attempts on unpatched PAN-OS devices without application of mitigation measures,” the company said.
Different versions of PAN-OS are affected: versions 12.1 prior to 12.1.4-h6 or 12.1.7, versions 11.2 prior to 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 or 11.2.12, versions 11.1 prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 or 11.1.15 and 10.2 versions before 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 or 10.2.18-h6.
Prisma Access 10.2 and 11.2 deployments running vulnerable versions are also vulnerable. Palo Alto has released a staggered update schedule starting May 15, 2026, with additional updates rolling out through May 28 and 29, 2026 depending on the PAN-OS version.
Via The register
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
