- Palo Alto Networks has confirmed active exploitation of a critical VPN vulnerability, CVE-2026-0257, allowing unauthorized access.
- The vulnerability, which affects PAN-OS software, enables attackers to bypass authentication and set up unauthorized VPN connections.
- Federal agencies were ordered to patch the flaw by June 1, 2026, after the U.S. Cybersecurity and Infrastructure Security Agency added it to a known exploited vulnerabilities catalog.
Palo Alto Networks revealed on June 15, 2026, that unknown threat actors are actively exploiting a severe GlobalProtect portal vulnerability to gain unauthorized network access. This flaw, tracked as CVE-2026-0257, is an authentication bypass in PAN-OS software with a CVSS score of 7.8.
According to the network security company, this security defect lets attackers bypass controls and initiate VPN connections. Consequently, the vulnerability has been used in limited, targeted attacks first observed on May 17, 2026.
“No post-access behavior or lateral movement has been identified as of this time,” Palo Alto Networks said. The firm noted that only a small portion of probed devices successfully established VPN gateway-connected events.
Meanwhile, the company has released indicators of compromise, including suspicious IP addresses and host names. It also urges customers to search logs for specific client configuration values from a proof-of-concept exploit.
However, the entity behind these exploitation efforts remains unidentified. Late last month, the U.S. Cybersecurity and Infrastructure Security Agency added this flaw to its Known Exploited Vulnerabilities catalog.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
