This attack requires no user interaction and no privileges on the target system. It is exploitable over the network with low attack complexity, which explains its ultimate rating as a critical threat.
When Palo Alto Networks first published its advisory on May 13, 2026, it classified CVE-2026-0257 as a medium-severity vulnerability with a CVSS score of 7.8. Many security news outlets continue to circulate this original rating.
However, a reanalysis by the National Vulnerability Database (NVD), followed by other government agencies, dramatically escalated the score. Effective May 29, 2026, NVD enriched the record and the authoritative government score was raised to a critical CVSS v3.1 rating of 9.1. The Singapore Cyber Security Agency (CSA) and various CVE feeds now also reflect the 9.1 critical rating. This gap between the vendor's initial rating and the government's final rating is a crucial detail that led many organizations to deprioritize patching during the first weeks of exploitation.
The timeline from disclosure to active exploitation was exceptionally short. Rapid7's Managed Detection and Response (MDR) team observed the first successful exploitations beginning on May 17, just four days after the advisory was published. By May 29, CISA added CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog and set a mandatory remediation deadline for U.S. federal agencies: June 1, 2026.
Two distinct waves of attack have been confirmed. The first wave originated from infrastructure hosted by Vultr on May 17-18, and a second wave followed from Dromatics Systems infrastructure on May 21. Intelligence analysis indicates that consistent MAC addresses were used across both waves, suggesting a single threat actor is responsible. In every observed case, the attackers forged authentication override cookies to directly target the local administrator account on the compromised devices.
Crucially, while Rapid7 confirmed successful VPN connections were established across 8 out of 10 impacted MDR customers, investigators have not yet observed successful lateral movement from the compromised devices. This detail provides a small but critical window of opportunity for defenders to contain the intrusion before attackers move deeper into networks.
The risk is compounded by the public availability of exploit code. Multiple intelligence reports confirm that at least one, and likely multiple, proof-of-concept exploits exist on public repositories, lowering the barrier for additional attacks.
The affected products are clearly defined. The vulnerability impacts PAN-OS versions 10.2, 11.1, 11.2, and 12.1 on PA-Series and VM-Series firewalls, as well as Prisma Access. Two key product lines are explicitly not affected: Panorama management appliances and Cloud NGFW (Next-Generation Firewall) deployments.
Palo Alto Networks has released patches for all supported firmware branches. The updated software versions that contain the fix enforce rejection of forged authentication override cookies.
The most comprehensive mitigation strategy involves four immediate actions.
First, upgrade PAN-OS to the latest patched version for your branch. The fixed releases for PAN-OS 12.1 include versions 12.1.4-h6 and 12.1.7; for 11.2, versions 11.2.4-h17, 11.2.7-h14, 11.2.10-h7, and 11.2.12; and similar corresponding versions exist for 11.1 and 10.2. Prisma Access tenants should similarly be updated to the fixed versions.
Second, if authentication override cookies are not absolutely critical for your business operations, disable that feature entirely. Disabling it removes the vulnerable precondition itself, rather than blocking just one exploit.
Third, reconfigure the certificate deployment. Never reuse the same certificate for the HTTPS management interface and for GlobalProtect cookie encryption. Using a dedicated certificate for cookie encryption severs the mechanism by which a valid forgeable cookie can be constructed.
Fourth, begin active log auditing immediately. Look for anomalous session creation events, connections from unfamiliar IPs (particularly from known attacker infrastructure such as the Vultr ASN), and unexpected authentication override cookie usage. With lateral movement not yet confirmed, log auditing is currently your best tool for identifying whether a compromise has already occurred.
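The fourth step, as an added example that is not from the original article or from Palo Alto Networks: a small triage script that applies the three indicators above (override-cookie logins, the local admin account as target, and sources in a watchlist) to constructed, simplified log lines. The line format, the `203.0.113.0/24` watchlist range and the `SENSITIVE_USERS` set are assumptions for illustration, not the real PAN-OS GlobalProtect log format or real attacker infrastructure.

```python
import ipaddress
import re

# Constructed, simplified GlobalProtect-style log lines for illustration only;
# the real PAN-OS system log format is not reproduced here.
SAMPLE_LOGS = """\
2026-05-17T03:12:44Z globalprotect auth-method=auth-override user=admin src=203.0.113.45 status=success
2026-05-17T09:05:10Z globalprotect auth-method=ldap user=jdoe src=198.51.100.7 status=success
2026-05-18T22:41:03Z globalprotect auth-method=auth-override user=admin src=203.0.113.46 status=success
2026-05-21T11:30:00Z globalprotect auth-method=auth-override user=alice src=192.0.2.88 status=success
""".splitlines()

# Placeholder watchlist (documentation range); load real ranges from your threat-intel feed.
WATCHLIST_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Local accounts that should never authenticate via an override cookie from the internet.
SENSITIVE_USERS = {"admin"}

LINE_RE = re.compile(r"^(?P<ts>\S+) globalprotect (?P<kv>.*)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = m.group("ts")
    return fields


def in_watchlist(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WATCHLIST_NETS)


def find_suspicious(lines):
    """Return (timestamp, user, src, reasons) for successful logins an analyst should review."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if not f or f.get("status") != "success":
            continue
        reasons = []
        if f.get("auth-method") == "auth-override":
            reasons.append("auth-override cookie login")
            if f.get("user") in SENSITIVE_USERS:
                reasons.append("targets local admin account")
        if in_watchlist(f.get("src", "0.0.0.0")):
            reasons.append("source in watchlist range")
        if reasons:
            hits.append((f["ts"], f.get("user"), f.get("src"), reasons))
    return hits
```

Every override-cookie login is surfaced because the feature itself is the vulnerable precondition; the admin-account and watchlist reasons rank which hits to investigate first.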
The June 1 CISA deadline is today. Organizations that have not yet applied these patches are now operating under a confirmed, actively exploited, critical-severity exposure. The window in which patching is still a pre-emptive action, rather than one step of a forensic investigation, is closing.