The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS GlobalProtect authentication bypass vulnerability—tracked as CVE-2026-0257—to its Known Exploited Vulnerabilities (KEV) catalog. Federal civilian agencies must apply vendor-supplied fixes by June 19, 2026, under Binding Operational Directive 22-01. The listing confirms that threat actors are already exploiting the flaw in real-world attacks to breach corporate VPNs.

The vulnerability carries a CVSS score of 9.8 and allows unauthenticated remote attackers to completely sidestep the GlobalProtect portal and gateway authentication mechanisms. Once inside, they gain unfettered access to internal network resources without valid credentials—effectively turning the VPN into an open door.

Palo Alto Networks disclosed the issue on May 28, 2026, in a critical security advisory (PAN-SA-2026-0012). The vendor confirmed active exploitation in at least two customer environments, though it declined to name the victims. Security researchers at Unit 42 traced the initial foothold to a sophisticated state-sponsored group, believed to be operating out of Eastern Europe, which had been probing GlobalProtect endpoints for weeks before the CVE was assigned.

What Is CVE-2026-0257?

CVE-2026-0257 is an authentication bypass flaw, exploitable without any prior authentication, in the GlobalProtect component of PAN-OS—the operating system powering Palo Alto Networks next-generation firewalls. By sending specially crafted HTTP requests to the GlobalProtect portal or gateway interface, an attacker can trick the system into believing the session is already authenticated. No usernames, passwords, or certificates are needed.

The root cause lies in improper handling of SAML assertions when GlobalProtect is configured in a mixed authentication mode. When both local database and SAML identity provider (IdP) authentication are enabled, the software fails to verify that a SAML response was actually issued by a trusted IdP. An attacker can forge a SAML assertion with arbitrary claims, including group memberships, and the GlobalProtect daemon accepts it without verifying the digital signature or the IdP’s certificate chain.

This vulnerability is not present in environments that use only local authentication or only SAML. However, many enterprises deploy hybrid authentication to support both internal users (often local) and third-party contractors (via SAML), making the attack surface widespread.
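The defect described above is a missing trust check: claims are honoured before the assertion is tied back to a configured IdP. The following is an added illustration, not PAN-OS code and not anything published by Palo Alto Networks, of the vulnerable acceptance pattern beside its hardened form. It stands in for XML-DSig with an HMAC over a JSON payload so it runs with the standard library only; the issuer URL, audience, secret and assertion layout are all constructed for the example. The security-relevant structure is the same as in a real service provider: look up the trust anchor by issuer, verify the signature in constant time, then check audience and expiry before any claim (such as group membership) is used.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Trusted identity providers keyed by SAML Issuer. The values are constructed
# shared secrets standing in for the IdP signing certificate a real SAML
# profile would hold; real SAML uses XML-DSig rather than HMAC.
TRUSTED_IDPS = {
    "https://idp.example.test/saml": b"constructed-idp-signing-secret",
}
EXPECTED_AUDIENCE = "https://vpn.example.test/global-protect"  # constructed SP entity ID


def _sign(payload: bytes, key: bytes) -> str:
    return base64.b64encode(hmac.new(key, payload, hashlib.sha256).digest()).decode()


def build_assertion(issuer: str, claims: dict, key: bytes, ttl: int = 300) -> str:
    """Produce a minimal signed assertion as base64(json).base64(signature).
    This is a constructed stand-in for a SAMLResponse, used only to feed the checks below."""
    body = {"issuer": issuer, "aud": EXPECTED_AUDIENCE, "exp": int(time.time()) + ttl, **claims}
    payload = json.dumps(body, sort_keys=True).encode()
    return base64.b64encode(payload).decode() + "." + _sign(payload, key)


def _split(assertion: str) -> tuple[bytes, str]:
    payload_b64, sig = assertion.split(".", 1)
    return base64.b64decode(payload_b64), sig


def accept_unverified(assertion: str) -> dict:
    """Vulnerable pattern: claims are trusted as soon as they parse.
    Issuer, signature, audience and expiry are never examined."""
    payload, _sig = _split(assertion)
    return json.loads(payload)


def accept_verified(assertion: str, now: Optional[int] = None) -> Optional[dict]:
    """Hardened pattern: claims come back only if the assertion was signed by a
    configured IdP, was minted for this service provider, and has not expired."""
    payload, sig = _split(assertion)
    claims = json.loads(payload)
    key = TRUSTED_IDPS.get(claims.get("issuer"))
    if key is None:
        return None  # unknown issuer: no trust anchor, so nothing to verify against
    if not hmac.compare_digest(_sign(payload, key), sig):
        return None  # signature does not verify under the trusted IdP's key
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return None  # assertion was issued for a different service provider
    if claims.get("exp", 0) < (now if now is not None else int(time.time())):
        return None  # expired assertion
    return claims


if __name__ == "__main__":
    idp = "https://idp.example.test/saml"
    genuine = build_assertion(idp, {"user": "alice", "groups": ["vpn-users"]}, TRUSTED_IDPS[idp])
    # Same trusted issuer string, but signed with a key the IdP never held.
    bogus = build_assertion(idp, {"user": "admin", "groups": ["firewall-admins"]}, b"not-the-idp-key")
    print("genuine, verified:", accept_verified(genuine))
    print("bogus, verified:  ", accept_verified(bogus))
    print("bogus, unverified:", accept_unverified(bogus))
```

Note that the issuer check alone is not enough: the bogus assertion names the trusted issuer, and only the signature comparison under that issuer's key rejects it. That is the step the article says the daemon skips in mixed mode.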

Active Exploitation Chained with Post-Auth RCE

While the authentication bypass alone is severe, CISA’s urgency stems from how attackers are chaining CVE-2026-0257 with another unpatched zero-day, yielding full remote code execution (RCE) on the affected firewall itself. Although Palo Alto has not disclosed details of the secondary flaw, security firm GreyNoise observed exploit attempts that push a tiny webshell onto the appliance’s management plane after successful bypass. That webshell, written in Python, communicates back to a command-and-control server over encrypted WebSocket connections.

The attack flow observed in the wild proceeds like this:

  1. Attacker scans internet-exposed GlobalProtect portals on port 443.
  2. A crafted HTTP request to /global-protect/portal/login.esp with a malicious SAML parameter bypasses authentication.
  3. The same request includes a URL-encoded command injection payload targeting the secondary zero-day.
  4. The command injection spawns a reverse shell, exfiltrates the device’s running configuration, and installs a persistent backdoor.
  5. The backdoor then pivots to internal resources, often deploying ransomware within hours.

One incident response firm reported a case where the attackers used the firewall’s own VPN tunnels to access a domain controller and encrypt 500 servers in under 90 minutes. “The speed was staggering,” said the firm’s lead analyst. “They ran automated reconnaissance scripts that were clearly pre-staged.”

BOD 22-01: The June 19 Deadline

CISA’s addition of CVE-2026-0257 to the KEV catalog triggers a mandatory remediation timeline for all Federal Civilian Executive Branch (FCEB) agencies. Under BOD 22-01, agencies must either apply the vendor patches or implement verified compensating controls within three weeks—by June 19, 2026. Non-compliance can result in CISA escalation to the Office of Management and Budget (OMB) and agency leadership.

Private sector organizations are not legally bound by this deadline, but CISA strongly recommends they treat it with the same urgency. “We urge all organizations, regardless of sector, to prioritize patching this vulnerability,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity. “Active exploitation reduces the window for safe remediation.”

The BOD 22-01 cataloging also means that any U.S. government contractor or service provider handling federal data must patch or risk losing their authorization to operate (ATO). This has sent ripples through the MSSP community, with dozens of providers scrambling to update managed firewalls before the deadline.

Affected PAN-OS Versions and Patches

The vulnerability affects all supported PAN-OS versions that include GlobalProtect functionality. Palo Alto Networks released hotfixes on the same day as the advisory:

  • PAN-OS 10.1: Upgrade to 10.1.12-h5 or later
  • PAN-OS 10.2: Upgrade to 10.2.9-h3 or later
  • PAN-OS 11.0: Upgrade to 11.0.6-h2 or later
  • PAN-OS 11.1: Upgrade to 11.1.3-h1 or later

Older, end-of-life versions (PAN-OS 9.0, 9.1, and 10.0) are also vulnerable but will not receive patches. Customers on those releases must migrate to a supported branch immediately. The company stressed that merely disabling SAML authentication is not a sufficient workaround if hybrid mode is in use; the only reliable mitigation is to upgrade.
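To act on the fix list above across a fleet, an administrator needs to compare installed versions, hotfix suffix included, against the minimum fixed release for each branch. The following is an added example, not a Palo Alto Networks tool; the fixed-release and end-of-life branch tables are taken from the article, while the version parser, the status labels and the sample inventory hostnames are constructed for the example. Any branch the article does not list (for instance the forthcoming 11.2) is reported as unknown rather than guessed at.

```python
import re

# Minimum fixed releases per branch, as listed in the advisory summary above.
FIXED_RELEASES = {
    "10.1": "10.1.12-h5",
    "10.2": "10.2.9-h3",
    "11.0": "11.0.6-h2",
    "11.1": "11.1.3-h1",
}
# Branches the article reports as end-of-life: vulnerable and not receiving a fix.
EOL_BRANCHES = {"9.0", "9.1", "10.0"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> tuple[int, int, int, int]:
    """Turn '10.1.12-h5' into (10, 1, 12, 5); a release with no hotfix suffix counts as h0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def remediation_status(version: str) -> str:
    """Classify an installed version as 'patched', 'vulnerable', 'eol' or 'unknown-branch'.
    'eol' must be treated as vulnerable: the only remedy is migrating to a supported branch."""
    major, minor, maint, hotfix = parse_panos_version(version)
    branch = f"{major}.{minor}"
    if branch in EOL_BRANCHES:
        return "eol"
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        return "unknown-branch"
    return "patched" if (major, minor, maint, hotfix) >= parse_panos_version(fixed) else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group firewall hostnames by status so unpatched and EOL units can be scheduled first."""
    grouped: dict[str, list[str]] = {}
    for host, version in inventory.items():
        grouped.setdefault(remediation_status(version), []).append(host)
    return grouped


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are placeholders.
    sample = {
        "fw-hq-01": "10.1.12-h5",
        "fw-hq-02": "10.1.12-h4",
        "fw-dc-01": "10.2.10",
        "fw-branch-07": "11.1.3",
        "fw-legacy-03": "9.1.16",
    }
    for status, hosts in sorted(triage(sample).items()):
        print(f"{status:14s} {', '.join(hosts)}")
```

The comparison is tuple-based, so a later maintenance release without a hotfix suffix (10.2.10) correctly ranks above 10.2.9-h3, while the same maintenance release with a lower hotfix number (10.1.12-h4) is still flagged.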

For firewalls that cannot be patched right away, Palo Alto suggests restricting access to the GlobalProtect portal to trusted IP addresses using security policies. However, this is difficult for organizations with a mobile workforce or those that rely on GlobalProtect for emergency vendor access.

How to Detect Exploitation

Organizations should immediately hunt for indicators of compromise (IoCs) associated with CVE-2026-0257 exploitation. Key signs include:

  • Unusual HTTP POST requests to /global-protect/portal/login.esp with abnormally long saml-response parameters
  • Creation of files in the /opt/pancfg/session/ directory on the firewall with names matching the pattern gb_sess_*.txt
  • Outbound WebSocket connections from the firewall to unknown IP addresses on ports 443 or 8443
  • New administrative user accounts appearing on the firewall’s local database (check via show admins)
  • Unexpected configuration changes, such as disabling logging or adding allow-all security rules
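Two of the indicators above lend themselves to a quick scripted hunt: oversized saml-response parameters on POSTs to the portal login page, and gb_sess_*.txt files in the session directory. The following is an added example and not a tool from Palo Alto Networks, GreyNoise or Tenable. The access-log layout, the sample lines, the session-directory listing and the length threshold are all constructed for the example; the threshold in particular is a placeholder to be tuned against the length of legitimate SAML responses seen in your own baseline, since real responses are routinely several kilobytes.

```python
import fnmatch
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in a simplified "timestamp client method target status"
# layout (not real PAN-OS log output). The query string is kept in the target so the
# SAML parameter length can be measured from the log alone.
SAMPLE_ACCESS_LOG = [
    "2026-06-01T08:01:12Z 198.51.100.7 POST /global-protect/portal/login.esp?saml-response=" + "A" * 120 + " 200",
    "2026-06-01T08:02:40Z 203.0.113.9 POST /global-protect/portal/login.esp?saml-response=" + "Q" * 6000 + "&lang=en 200",
    "2026-06-01T08:03:05Z 198.51.100.7 GET /global-protect/prelogin.esp 200",
    "2026-06-01T08:04:11Z 203.0.113.9 POST /global-protect/portal/login.esp?user=bob 401",
]

# Constructed directory listing standing in for /opt/pancfg/session/ on the firewall.
SAMPLE_SESSION_FILES = ["pan_sess_001.dat", "gb_sess_7f3a.txt", "README", "gb_sess_99.txt"]

LOGIN_PATH = "/global-protect/portal/login.esp"
SAML_PARAM = "saml-response"
SUSPICIOUS_FILE_GLOB = "gb_sess_*.txt"
# Placeholder threshold (bytes); tune against your own baseline of legitimate SAML responses.
SAML_LENGTH_THRESHOLD = 4096

_LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")


def oversized_saml_posts(lines, threshold=SAML_LENGTH_THRESHOLD):
    """Return (timestamp, client, length) for each POST to the portal login page whose
    saml-response parameter is longer than the threshold."""
    hits = []
    for line in lines:
        m = _LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if url.path != LOGIN_PATH:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        length = max((len(v) for v in params.get(SAML_PARAM, [])), default=0)
        if length > threshold:
            hits.append((m["ts"], m["client"], length))
    return hits


def suspicious_session_files(names, pattern=SUSPICIOUS_FILE_GLOB):
    """Filenames under the session directory matching the reported gb_sess_*.txt pattern."""
    return sorted(n for n in names if fnmatch.fnmatch(n, pattern))


def run_hunt(lines=SAMPLE_ACCESS_LOG, files=SAMPLE_SESSION_FILES):
    """Bundle both checks so the result can be handed to a ticket or SIEM alert as one record."""
    return {
        "oversized_saml_posts": oversized_saml_posts(lines),
        "session_files": suspicious_session_files(files),
    }


if __name__ == "__main__":
    for indicator, findings in run_hunt().items():
        print(indicator, findings)
```

The line parser is deliberately strict: a line that does not match the expected layout is skipped rather than guessed at, so when adapting this to real exports the first thing to confirm is that the regular expression matches the log format in use.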

Palo Alto’s support portal provides a technical validation script that checks for the presence of the vulnerability by simulating a benign version of the exploit. Third-party tools like Nuclei templates are also available from GreyNoise and Tenable.

The Bigger Picture: VPNs Are the New Perimeter

This incident underscores a harsh truth: security appliances are now the focus of sophisticated attackers. With remote work here to stay, VPN gateways have become the de facto enterprise perimeter. Flaws like CVE-2026-0257—and similar vulnerabilities in Pulse Secure, Fortinet, and Citrix in previous years—show that simply having a VPN is not enough. The VPN itself must be hardened.

“We’re past the days when a firewall was just a packet filter,” said a Gartner analyst specializing in network security. “These boxes run complex web applications with authentication stacks that rival any SaaS product. They need the same rigorous patch management as a web server.”

For Palo Alto customers, the patch must be the top priority. But also consider architectural changes: isolating GlobalProtect portals behind a reverse proxy with Web Application Firewall capabilities, enforcing certificate-based authentication on top of SAML, and implementing tiered admin access to limit the blast radius of a firewall compromise.

CISA’s cataloging of CVE-2026-0257 reflects a broader trend of “shifting left” on vulnerability remediation. The agency now adds flaws to KEV within 24 hours of confirmed exploitation, dramatically compressing the time between disclosure and action. For defenders, that means automation and rapid response workflows are no longer optional.

What’s Next

Palo Alto Networks expects to release a permanent fix that completely restructures SAML handling in GlobalProtect in PAN-OS 11.2, due later this year. Until then, the hotfixes implement additional signature checks and anomaly detection that block the known exploit patterns. The company’s Unit 42 team continues to track the threat actor—dubbed “FrozenLake” by Mandiant—and will publish a full threat intelligence report within the week.

CISA has not ruled out issuing an emergency directive if the exploitation spreads to critical infrastructure sectors. For now, the June 19 deadline is firm. The clock is ticking, and any internet-facing GlobalProtect portal remains an irresistible target for attackers who have already demonstrated they can turn a patching delay into a full-scale breach.