Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability (CVSS 7.8) affecting the GlobalProtect portal and gateway components of PAN-OS. An unknown threat actor is leveraging the flaw to gain unauthorised access to GlobalProtect VPN portals. This is particularly concerning as GlobalProtect is widely deployed as a primary remote access solution across enterprise environments.

Security Architect’s Take: Prioritise patching PAN-OS to the fixed version immediately, and in the interim restrict access to the GlobalProtect portal to trusted IP ranges or enable Threat Prevention profiles to block known exploit signatures if a Threat Prevention licence is in place.

Original advisory: Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw