
CVE 2026 0257 PAN-OS GlobalProtect Authentication Bypass Active Exploitation
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway. When authentication override cookies share the same certificate as the HTTPS service, a remote unauthenticated attacker can retrieve the public key via TLS, forge a valid authentication cookie, and establish an unauthorized VPN connection. The flaw is rated CVSS 7.8 (HIGH) and classified as CWE-565; it affects PAN-OS 10.2 through 12.1 and Prisma Access when the authentication override feature is enabled.
Notes
<p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-weight: 700; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CONCLUSION</span></p><br><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CVE-2026-0257 represents an actively weaponized authentication bypass in enterprise VPN infrastructure, with coordinated multi-wave exploitation confirmed across numerous organizations. The public availability of a working proof-of-concept significantly lowers the barrier for secondary waves.</span></p><br><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"><a href="https://socradar.io/free-tools/ioc-radar" style="color: rgb(59, 130, 246);">SOCRadar IOC Radar </a></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">continuously monitors indicators related to this exploitation campaign. The </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"><a href="https://socradar.io/products/cyber-threat-intelligence/" style="color: rgb(59, 130, 246);">Cyber Threat Intelligence </a></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">module tracks campaign evolution and threat actor profiling in real time.</span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"><a href="https://socradar.io/products/attack-surface-management/" style="color: rgb(59, 130, 246);"> Attack Surface Management </a></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">enables customers to identify internet-exposed GlobalProtect instances within their digital footprint, and </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"><a href="https://socradar.io/products/dark-web-monitoring/" style="color: rgb(59, 130, 246);">Dark Web Monitoring</a></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> tracks underground activity including potential sale of unauthorized VPN access to compromised networks.</span></p><div><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><br></span></div>
Mitigation
<p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-weight: 700; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">MITIGATION</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border-width: medium; border-style: none; border-color: currentcolor; border-image: initial; border-collapse: collapse;"><colgroup><col><col><col><col></colgroup><tbody><tr style="height: 22.5pt;"><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Tactic</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Technique</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">ID</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Reference</span></p></td></tr><tr style="height: 33.75pt;"><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Initial Access</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Exploit Public-Facing Application</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">T1190</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><a href="https://attack.mitre.org/techniques/T1190/" style="color: rgb(59, 130, 246);">T1190 ↗</a></span></p></td></tr><tr style="height: 27.75pt;"><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Initial Access</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">External Remote Services</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">T1133</span></p></td><td style="border-bottom: 0.416667pt solid rgb(0, 0, 0); border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><a href="https://attack.mitre.org/techniques/T1133/" style="color: rgb(59, 130, 246);">T1133 ↗</a></span></p><br><br></td></tr><tr style="height: 27pt;"><td style="border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Defense Evasion</span></p></td><td style="border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Masquerading</span></p></td><td style="border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">T1036</span></p></td><td style="border-top: 0.416667pt solid rgb(0, 0, 0); vertical-align: top; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><a href="https://attack.mitre.org/techniques/T1036/" style="color: rgb(59, 130, 246);">T1036 ↗</a></span></p></td></tr></tbody></table></div><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> Defense Evasion Use Alternate T1550.004 </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> <a href="https:" style="color: rgb(59, 130, 246);"> </a></span><a href="https:" style="color: rgb(59, 130, 246);"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">T1550.004 </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">↗</span></a></p><p style="margin: 0pt 0px; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> Authentication Material: </span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><br></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"> Web Session Cookie</span></p><div><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant: normal; vertical-align: baseline; white-space: pre-wrap;"><br></span></div>