Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
June 1, 2026
Attackers are exploiting a security vulnerability in Palo Alto Networks' PAN-OS GlobalProtect VPN technology that allows them to bypass authentication and gain VPN access without valid credentials.
In May, Palo Alto Networks (PAN) disclosed and fixed the flaw, tracked as CVE-2026-0257, but it updated the advisory last week to note that there have been "limited exploit attempts on unpatched PAN-OS devices without mitigations applied."
That update came on the heels of research from Rapid7 that identified successful exploitation "across numerous customers" as early as May 17, according to a report, also published last week. And on May 29, the Cybersecurity and Infrastructure Security Agency (CISA) also added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
