Critical | Known exploited (KEV) | CVE-2026-0257

Authentication bypass in Palo Alto PAN-OS (CVE-2026-0257) — allows unauthorized VPN connections

Palo Alto Networks PAN-OS | Added to KEV May 29, 2026 | Federal remediation due 2026-06-01

An authentication-bypass vulnerability in Palo Alto Networks' firewall OS, PAN-OS, lets an attacker bypass security restrictions and establish an unauthorized VPN connection. CISA lists it as known-exploited (KEV), and its CVSS score is 9.1 (Critical).

Key facts

  • CVE ID: CVE-2026-0257
  • CVSS base score: 9.1 CRITICAL
  • CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Affected (vendor / product): Palo Alto Networks PAN-OS
  • CWE: CWE-565
  • Exploitation: Listed in CISA KEV (exploitation confirmed)
  • Remediation due: 2026-06-01 (U.S. federal civilian agencies, BOD 22-01)

Key points

  • Authentication-bypass vulnerability in PAN-OS (the OS for Palo Alto firewall products)
  • An attacker can bypass security restrictions and establish an unauthorized VPN connection
  • Compromise of a perimeter device = a foothold for internal intrusion. Listed in CISA KEV (CVSS 9.1 Critical)
  • Response: apply fixes/mitigations per the vendor advisory (if that is not possible, disable the feature or discontinue use)
  • The federal civilian remediation deadline was short: June 1, 2026

CVE-2026-0257 is an authentication-bypass vulnerability in PAN-OS, the operating system that runs on Palo Alto Networks next-generation firewall products. It was added to CISA's KEV catalog on May 29, 2026 and is classified as CWE-565 (reliance on cookies without validation and integrity checking).

When exploited, an attacker bypasses the intended security restrictions and establishes an unauthorized VPN connection. Firewalls / VPN gateways sit at the boundary between the internal network and the outside; breaking through one hands the attacker a foothold for internal intrusion. Vulnerabilities in perimeter-defense products have repeatedly been exploited as the initial access vector in ransomware and state-linked attacks, so priority is high.

Key response: review Palo Alto Networks' official advisory (security.paloaltonetworks.com/CVE-2026-0257), identify affected PAN-OS versions, and apply the provided fixes/mitigations. If mitigations are unavailable, disabling the affected feature or discontinuing use of the product is an option (per the CISA BOD 22-01 process). The federal civilian remediation deadline was short (June 1, 2026); because this is an internet-facing perimeter device, the earliest possible action is advisable.

Why it matters

Many organizations place PAN-OS devices at the perimeter, and because they are internet-facing the impact is large. The priorities are asset inventory (knowing which PAN-OS devices are internet-exposed), prompt patching, and reviewing VPN logs.

FAQ

What is PAN-OS?
The operating system that runs on Palo Alto Networks next-generation firewall / VPN gateway products. It is widely used for enterprise perimeter defense.
How dangerous is it?
CVSS 9.1 (Critical), and CISA lists it as known-exploited. An authentication bypass on a perimeter device can be an entry point for internal intrusion, so it is a high-priority vulnerability.
What should I do?
Check affected versions in the Palo Alto official advisory and apply fixes/mitigations. If you cannot apply them, consider alternatives such as disabling the affected feature.

Sources (primary)

This article is an independent summary based on the official U.S. data below. Always verify the exact, latest details and applicability with the official and vendor sources.

#Firewall #VPN #Authentication bypass #Perimeter defense #Palo Alto
Disclaimer: This site independently summarizes and classifies information based on official data sources. Always verify the latest and accurate information with the official sources. Content on finance, health, legal, and security is information, not advice. This site is not an official website of the U.S. government.