- Critical PAN‑OS flaw exploited in the wild
- Authentication bypass enables unauthorized VPN access
- CISA added CVE‑2026‑0257 to KEV catalog
A recently discovered vulnerability in PAN-OS, the operating system powering Palo Alto’s firewalls, is being actively exploited in the wild, researchers are saying, urging customers to apply the provided patch as soon as possible.
In mid-May this year, Palo Alto disclosed an authentication bypass flaw in the Global Protect portal and gateway that allows threat actors to work around security restrictions and establish an unauthorized VPN connection. The bug is now tracked as CVE-2026-0257, and assigned a severity score of 9.1/10 (critical).
Earlier this week, security researchers Rapid7 said they saw threat actors successfully leveraging this bug in attacks: “Rapid7 MDR identified successful exploitation across numerous customers, however we did not observe any indication of successful lateral movement from the devices,” Rapid7 said in its report. “The earliest date for observed exploitation was May 17, 2026. As of May 29, 2026, this vulnerability has been added to the CISA KEV.”
Added to CISA’s KEV
The news also prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add the bug to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch up or stop using PAN-OS-powered devices entirely.
Initially, the bug was given a medium-severity score, but since it escalated into real-life attacks, the rating has been elevated as well:
“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the company said.
Different versions of PAN-OS are affected: 12.1 versions earlier than 12.1.4-h6 or 12.1.7, 11.2 versions earlier than 11.2.4-h17, 11.2.7-h14, 11.2.10-h7, or 11.2.12, 11.1 versions earlier than 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, or 11.1.15, and 10.2 versions earlier than 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, or 10.2.18-h6.
Prisma Access 10.2 and 11.2 deployments running vulnerable releases are also vulnerable. Palo Alto issued a staggered patch schedule starting May 15, 2026, with additional updates rolling out through May 28–29, 2026 depending on the PAN-OS version.
Via The Register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/jNA4KFmhg8oX9bYUYaaySG-1920-80.jpg
Source link
