CVE-2026-0257
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
View on NVDAnalysis
Esta vulnerabilidad en Palo Alto Networks PAN-OS permite a atacantes saltarse la autenticación en GlobalProtect y establecer conexiones VPN no autorizadas. El fallo está siendo explotado activamente en el mundo real según el catálogo KEV de CISA. Es una amenaza crítica para la seguridad del acceso remoto y la infraestructura corporativa de red.
Relevant roles
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NCWE-565CISA KEV
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS
Affects
paloaltonetworks:pan-ospaloaltonetworks:prisma_accesssiemens:ruggedcom_ape1808_firmwaresiemens:ruggedcom_ape1808Technical description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.