1. Home
  2. Vulnerabilities
  3. CVE-2026-0257
Known Exploited Vulnerability
9.1
CRITICAL CVSS 3.1
CVE-2026-0257
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability - [Actively Exploited]
Overview
Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Details
INFO

Published Date :

May 13, 2026, 7:17 p.m.

Last Modified :

June 9, 2026, 12:47 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257

Impact
Affected Products

The following products are affected by CVE-2026-0257 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Palo_alto_networks pan-os
2 Palo_alto_networks prisma_access
3 Palo_alto_networks prisma_access
4 Palo_alto_networks pan-os
5 Palo_alto_networks cloud_ngfw
1 Paloaltonetworks pan-os
2 Paloaltonetworks prisma_access
1 Siemens ruggedcom_ape1808_firmware
2 Siemens ruggedcom_ape1808
: Total Affected Vendor : 3 | Products : 9
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 4.0 MEDIUM d6c1279f-00f6-4ef7-9217-f89ffe703ec0
CVSS 4.0 MEDIUM [email protected]
CVSS 4.0 HIGH [email protected]
Solution
Remediate authentication bypass by updating PAN-OS software to a fixed version.
  • Update PAN-OS software to a fixed version.
  • Apply vendor-provided security patches.
  • Restart affected GlobalProtect services.
Public PoC/Exploit Available at Github

CVE-2026-0257 has a 17 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-0257.

URL Resource
https://security.paloaltonetworks.com/CVE-2026-0257 Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-967325.html Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-0257 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-0257 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Ez4rd1x1/CVE-2026-0257

testing

Python

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 15, 2026, 6:49 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
grayxploit/CVE-2026-0257

GrayXploit Security research and defensive team validate this toolkit for CVE-2026-0257 (PAN-OS GlobalProtect Authentication Bypass). Includes vulnerability assessment, detection guidance, technical analysis, indicators of compromise (IOCs), and remediation validation resources for security teams and defenders.

bug-bounty bugbounty bugbounty-tool cissp cve offensive-security oscp paloaltonetworks redteam vulnerability-detection vulnerability-scanner grayxploit

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : June 10, 2026, 7:34 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
jenniferreire26/CVE-2026-0257

None

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : June 9, 2026, 11:16 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
tushargurav28/CVE-2026-0257

Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attackers establish unauthorized VPN connections, exploit requires network access to the portal or gateway.

Python

Updated: 2 weeks, 4 days ago
2 stars 0 fork 0 watcher
Born at : June 3, 2026, 7:54 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
bolubey/CVE-2026-0257

PAN-OS: GlobalProtect Authentication Bypass

cve-2026-0257

Python

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : June 1, 2026, 12:02 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Mr-Robot-LP/CVE-2026-0257

Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.

Updated: 3 weeks ago
1 stars 0 fork 0 watcher
Born at : June 1, 2026, 5:57 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
jennydokumi30/CVE-2026-0257

None

Updated: 3 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 1, 2026, 12:41 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
0xBlackash/CVE-2026-0257

CVE-2026-0257

Python

Updated: 2 weeks, 3 days ago
2 stars 0 fork 0 watcher
Born at : May 30, 2026, 9:04 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
HORKimhab/CVE-2026-0257

CVE-2026-0257 - PAN-OS

Python

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : May 30, 2026, 7:41 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
GrijalvoMarcoLaboral/GrijalvoMarcoLaboral

None

Python

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : May 27, 2026, 4:28 p.m. This repo has been linked 10 different CVEs too.
Profile Photo
Dragon-Lady/HereWeGoAgain-incident-scanner

Here We Go Again” is an active npm/PyPI supply-chain worm, not just a credential stealer.

JavaScript

Updated: 2 weeks, 2 days ago
2 stars 0 fork 0 watcher
Born at : May 12, 2026, 7:07 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
AtillaNedim/moira

Moira beobachtet die Welt und sammelt jeden Tag Spuren menschlicher Weiterentwicklung: Entdeckungen, Krisen, technische Sprünge, politische Entscheidungen, Konflikte und kulturelle Zeichen. Was an einem Tag Bedeutung trägt, schreibt sie nieder und bewahrt es im Archiv auf.

ai research web-agent

HTML SCSS

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : May 3, 2026, 6:45 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
mrhenrike/FirewallXPL-Forge

Perimeter security exploitation framework — 164 modules covering FW, NGFW, UTM, WAF, VPN, NAC, LB, and OT/ICS firewalls (Fortinet, Cisco, Palo Alto, F5, Citrix, Check Point, SonicWall, Ivanti, Siemens, Moxa, +13 vendors). GPU-accelerated, ML-driven, async concurrency, Rich TUI.

exploitation-framework firewall ics-security ngfw ot-security penetration-testing pentest python red-team security-testing vpn-exploit vulnerability-scanner waf-bypass

Shell Makefile Python Lua

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : April 5, 2026, 5:09 a.m. This repo has been linked 51 different CVEs too.
Profile Photo
homeofe/supply-chain-guard

Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions. Detects GlassWorm and similar malware campaigns.

cli elvatis github-action glassworm malware-detection npm scanner security supply-chain

TypeScript JavaScript

Updated: 3 weeks ago
2 stars 2 fork 2 watcher
Born at : March 19, 2026, 2:46 a.m. This repo has been linked 5 different CVEs too.
Profile Photo
jpremchander/dskeeper

to keep up the GitHub contributions

Python

Updated: 1 week ago
1 stars 0 fork 0 watcher
Born at : Jan. 29, 2026, 7:27 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-0257 vulnerability anywhere in the article.

  • The Hacker News
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portal ... Read more

Published Date: Jun 15, 2026 (1 week, 1 day ago)
  • The Hacker News
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The ac ... Read more

Published Date: Jun 09, 2026 (1 week, 6 days ago)
  • The Hacker News
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, gene ... Read more

Published Date: Jun 09, 2026 (1 week, 6 days ago)
  • The Hacker News
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS ... Read more

Published Date: Jun 09, 2026 (1 week, 6 days ago)
  • The Hacker News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ... Read more

Published Date: Jun 09, 2026 (2 weeks ago)
  • The Hacker News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026 ... Read more

Published Date: Jun 08, 2026 (2 weeks ago)
  • The Hacker News
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protoco ... Read more

Published Date: Jun 08, 2026 (2 weeks ago)
  • The Hacker News
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD ... Read more

Published Date: Jun 08, 2026 (2 weeks, 1 day ago)
  • The Hacker News
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnera ... Read more

Published Date: Jun 06, 2026 (2 weeks, 3 days ago)
  • The Hacker News
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out ... Read more

Published Date: Jun 06, 2026 (2 weeks, 3 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 23

The Good | Fraud Networks Disrupted, Crypto Exchanges Sanctioned & Doxer Arrested This week, the DoJ’s Scam Center Strike Force unveiled results from “Disruption Week,” a first-of-its-kind joint initi ... Read more

Published Date: Jun 05, 2026 (2 weeks, 3 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 23

The Good | Fraud Networks Disrupted, Crypto Exchanges Sanctioned & Doxer Arrested This week, the DoJ’s Scam Center Strike Force unveiled results from “Disruption Week,” a first-of-its-kind joint initi ... Read more

Published Date: Jun 05, 2026 (2 weeks, 3 days ago)
  • The Hacker News
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site com ... Read more

Published Date: Jun 05, 2026 (2 weeks, 4 days ago)
  • The Hacker News
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, a ... Read more

Published Date: Jun 04, 2026 (2 weeks, 4 days ago)
  • The Hacker News
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

It got stupid again.The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. For ... Read more

Published Date: Jun 04, 2026 (2 weeks, 4 days ago)
  • The Hacker News
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited ... Read more

Published Date: Jun 04, 2026 (2 weeks, 5 days ago)
  • The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same ... Read more

Published Date: Jun 03, 2026 (2 weeks, 5 days ago)
  • The Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI t ... Read more

Published Date: Jun 03, 2026 (2 weeks, 5 days ago)
  • The Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the ... Read more

Published Date: Jun 03, 2026 (2 weeks, 6 days ago)
  • The Hacker News
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerabil ... Read more

Published Date: Jun 03, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-0257 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jun. 09, 2026

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*
    Added Reference Type siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-967325.html Types: Third Party Advisory
  • CVE Modified by 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

    Jun. 09, 2026

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/html/ssa-967325.html
  • Modified Analysis by [email protected]

    Jun. 01, 2026

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257 Types: US Government Resource
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    May. 29, 2026

    Action Type Old Value New Value
    Added Date Added 2026-05-29
    Added Due Date 2026-05-29
    Added Required Action 2026-05-29
    Added Vulnerability Name 2026-05-29
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    May. 29, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257
  • Initial Analysis by [email protected]

    May. 29, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    Added CPE Configuration OR *cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2.7 *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:paloaltonetworks:prisma_access:-:*:*:*:*:*:*:* OR cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 10.2.0 up to (excluding) 10.2.10 cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* versions from (including) 11.2.0 up to (excluding) 11.2.7 cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*
    Added Reference Type Palo Alto Networks, Inc.: https://security.paloaltonetworks.com/CVE-2026-0257 Types: Vendor Advisory
  • CVE Modified by [email protected]

    May. 29, 2026

    Action Type Old Value New Value
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red
    Removed CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
  • New CVE Received by [email protected]

    May. 13, 2026

    Action Type Old Value New Value
    Added Description Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
    Added CWE CWE-565
    Added Reference https://security.paloaltonetworks.com/CVE-2026-0257
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 7.8
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Base CVSS Score: 9.1
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact