Threat actors began targeting an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS just four days after public disclosure, Rapid7 warns.
Tracked as CVE-2026-0257 (CVSS score of 7.8), the high-severity security defect allows attackers to bypass restrictions and establish VPN connections to vulnerable appliances.
Palo Alto Networks released fixes for the bug on May 13, noting that it affects firewalls with GlobalProtect portal or gateway enabled, under certain configurations.
On Friday, the company updated its advisory to warn that threat actors are exploiting the flaw in the wild, and NIST flagged the issue as critical.
“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the company says.