A Palo Alto GlobalProtect authentication bypass vulnerability is being exploited in the wild just days after the vendor published fixes, with attackers forging authentication cookies to gain unauthenticated VPN access into corporate networks. The flaw, tracked as CVE-2026-0257, represents a textbook example of how initial severity assessments can underestimate real-world risk when an edge-facing appliance becomes an active target.
Key Takeaways
- CVE-2026-0257 enables remote attackers to bypass GlobalProtect VPN authentication using forged cookies without credentials, malware, or phishing
- Rapid7 MDR observed successful exploitation across numerous customers starting May 17, 2026, four days after Palo Alto published patches
- The vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog on May 29, 2026, triggering federal remediation deadlines
- Palo Alto escalated the CVSS score to 7.8 and marked exploit maturity as “attacked,” despite initial medium-severity classification
- Rapid7 found no evidence of successful lateral movement from compromised devices, but emphasizes the flaw affects an organization’s “front door” to its network
How the Palo Alto GlobalProtect Authentication Bypass Works
The Palo Alto GlobalProtect authentication bypass exploits a cryptographic weakness in how the appliance handles authentication override cookies. Attackers can forge valid authentication cookies using nothing more than the appliance’s publicly available TLS certificate public key. The entire attack is a single HTTP request—no malware, no stolen credentials, no phishing required. An unauthenticated remote attacker simply needs to know the public key for the certificate used by the authentication override feature, then encrypt an arbitrary cookie and present it to the GlobalProtect gateway.
The vulnerability affects PAN-OS and Prisma Access when a specific configuration is present: organizations must have GlobalProtect authentication override cookies enabled in a way that allows forged cookies to be created. If the certificate used for cookie encryption is reused with other features such as the portal or gateway HTTPS service, an attacker can discover the public key and forge valid cookies without direct access to the appliance. This architectural flaw means the vulnerability is not limited to internal networks—any organization exposing GlobalProtect to the internet with the vulnerable configuration is at risk.
Rapid7 Observes Active Exploitation Within Days
Rapid7 MDR identified successful exploitation of CVE-2026-0257 across numerous customers, with the earliest observed attacks beginning on May 17, 2026. This is just four days after Palo Alto Networks disclosed the flaw on May 13, 2026, and published fixes and mitigation guidance. The speed of weaponization underscores how quickly threat actors move when an authentication bypass affects a high-value target like a VPN gateway.
Rapid7’s analysis uncovered evidence of two waves of attack infrastructure: Vultr-hosted infrastructure deployed on May 18, followed by a second wave from Dromatics Systems on May 21. Some attacks resulted in VPN access to internal networks, while many attempts failed to establish a full VPN session even though devices accepted the malicious cookies. Despite successful exploitation, Rapid7 reported no indication of successful lateral movement from the compromised devices—a critical finding that suggests attackers were still in early reconnaissance phases or that organizations with additional network controls prevented deeper compromise.
Why Initial Severity Assessment Missed the Mark
Palo Alto Networks initially assigned CVE-2026-0257 a medium CVSS score, a rating that fundamentally misrepresented the risk to enterprise security teams. Rapid7 disagreed sharply with this assessment, arguing that organizations should treat the flaw as critical despite its medium severity rating because it affects an edge-facing enterprise VPN appliance whose sole job is to guard the front door to an organization’s network. When an authentication bypass targets the perimeter itself—not an internal service—the functional impact transcends the numerical score.
On May 29, 2026, Palo Alto updated its advisory and increased the CVSS score to 7.8, marking exploit maturity as “attacked” and assigning its highest urgency rating. This escalation came after CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on the same day, triggering mandatory remediation deadlines for federal civilian agencies. The gap between initial disclosure and active exploitation, combined with federal urgency, forced organizations to treat the vulnerability as critical regardless of the published score.
Remediation Urgency and Patch Status
Organizations with affected PAN-OS or Prisma Access deployments face a narrow window to remediate. Palo Alto Networks has published patches and mitigation guidance, and Rapid7 urges organizations to upgrade to vendor-supplied patches on an urgent basis. The company’s recommended action is to review affected GlobalProtect deployments, verify whether the vulnerable configuration is present, and apply available fixes as soon as possible.
Federal civilian agencies were directed to remediate by June 1, 2026, according to CISA’s KEV listing. This deadline reflects the government’s assessment of the vulnerability as a critical risk to federal networks. Organizations not yet patched should prioritize this flaw above other pending security updates, particularly if their GlobalProtect instances are internet-facing or serve as primary VPN access points.
What Sets This Flaw Apart From Other VPN Vulnerabilities
The Palo Alto GlobalProtect authentication bypass differs from typical VPN flaws in its simplicity and scope. Unlike vulnerabilities requiring specific software versions, complex exploitation chains, or internal knowledge, this flaw can be exploited by any attacker with network access to the GlobalProtect gateway and knowledge of the appliance’s public TLS certificate. The certificate is public by definition—it is presented during any HTTPS handshake. This means the barrier to exploitation is extraordinarily low compared to other enterprise VPN vulnerabilities that might require credential theft or multi-stage attacks.
The authentication override feature itself is a legitimate security mechanism, intended to allow administrators to reset access in emergency scenarios. The flaw lies not in the feature’s existence but in its cryptographic implementation, which assumes the private key remains secret. When organizations reuse the same certificate across multiple services, the assumption breaks down, and the public key becomes a master key for forging authentication cookies.
Is the Palo Alto GlobalProtect authentication bypass actively being exploited?
Yes. Rapid7 MDR observed successful exploitation across numerous customers starting May 17, 2026, just four days after Palo Alto published fixes. Two distinct waves of attack infrastructure were identified, with some attacks resulting in VPN access to internal networks.
Does the Palo Alto GlobalProtect authentication bypass affect all PAN-OS deployments?
No. The vulnerability requires a specific configuration: GlobalProtect authentication override cookies must be enabled in a way that allows forged cookies to be created. Organizations without this configuration are not at risk, though Palo Alto’s advisory provides guidance on verifying your deployment.
What should organizations do if they run Palo Alto GlobalProtect?
Review your GlobalProtect configuration immediately to determine if the vulnerable settings are present, then apply Palo Alto’s published patches or mitigation steps without delay. If you cannot patch immediately, implement network segmentation to restrict access to GlobalProtect gateways and monitor for suspicious VPN authentication patterns.
The Palo Alto GlobalProtect authentication bypass serves as a reminder that initial severity scores are starting points, not final verdicts. When active exploitation emerges within days of disclosure for a vulnerability affecting an organization’s security perimeter, the real-world risk has already surpassed the published metrics. Patching is not optional—it is the only reliable defense against an attack vector that requires nothing more than a public certificate and a single HTTP request.
Edited by the All Things Geek team.
Source: TechRadar


