Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)
Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attemptsâ€. “Across multiple customers, Rapid7 observed successful exploitation via authentication probes using forged cookies, but the appliance accepted the cookie without a full VPN session being established in 8 out of 10 impacted [Managed Detection Response] customers.†The good news, though, is that the company hasn’t observed any indication of successful lateral movement … More
The post Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257) appeared first on Help Net Security.