1 article
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a critical authentication bypass in the GlobalProtect gateway that allows an unauthenticated attacker to establish VPN sessions as arbitrary users. CISA has added the flaw to the Known Exploited Vulnerabilities catalogue, and Palo Alto's Unit 42 has observed exploitation targeting government and critical infrastructure networks since at least 12 June.