Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks.
The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be used to establish unauthorized VPN connections on the device.
"GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection," reads Palo Alto's advisory.
The flaw received a Medium severity rating because it requires devices to be configured with authentication override cookies enabled and a specific certificate configuration.
However, on Friday, Palo Alto Networks updated the advisory to warn that the flaw was now being actively exploited in attacks against unpatched devices, raising the severity rating to High.
