CVE-2026-0257

⛔ critical

Summary

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CVSS Score

9.1

Critical

EPSS Score

60.5

Exploit Probability

Published Date

2026-05-13

First Seen: 2026-05-17

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 327,350 vulnerabilities in our database.

#40,209

Top 25% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 28, 2026

🔍 Exploitation Status

Active

Exploits detected in the wild

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue. (other)

SSVC data provided by CISA

Last Modified 2026-06-09

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red

CWE IDs (Weakness Types)

CWE-565

📦 Affected Products 47

Vendor	Product	Status	Affected Versions
paloaltonetworks	pan-os	Affected	< 10.2.7
paloaltonetworks	pan-os	Affected	v10.2.10
paloaltonetworks	pan-os	Affected	v10.2.11
paloaltonetworks	pan-os	Affected	v10.2.12
paloaltonetworks	pan-os	Affected	v10.2.13
paloaltonetworks	pan-os	Affected	v10.2.14
paloaltonetworks	pan-os	Affected	v10.2.15
paloaltonetworks	pan-os	Affected	v10.2.16
paloaltonetworks	pan-os	Affected	v10.2.17
paloaltonetworks	pan-os	Affected	v10.2.18
paloaltonetworks	pan-os	Affected	v10.2.7
paloaltonetworks	pan-os	Affected	v10.2.8
paloaltonetworks	pan-os	Affected	v10.2.9
paloaltonetworks	pan-os	Affected	v11.1.0
paloaltonetworks	pan-os	Affected	v11.1.1
paloaltonetworks	pan-os	Affected	v11.1.10
paloaltonetworks	pan-os	Affected	v11.1.11
paloaltonetworks	pan-os	Affected	v11.1.12
paloaltonetworks	pan-os	Affected	v11.1.13
paloaltonetworks	pan-os	Affected	v11.1.14
paloaltonetworks	pan-os	Affected	v11.1.2
paloaltonetworks	pan-os	Affected	v11.1.3
paloaltonetworks	pan-os	Affected	v11.1.4
paloaltonetworks	pan-os	Affected	v11.1.5
paloaltonetworks	pan-os	Affected	v11.1.6
paloaltonetworks	pan-os	Affected	v11.1.7
paloaltonetworks	pan-os	Affected	v11.1.8
paloaltonetworks	pan-os	Affected	v11.1.9
paloaltonetworks	pan-os	Affected	v11.2.0
paloaltonetworks	pan-os	Affected	v11.2.1
paloaltonetworks	pan-os	Affected	v11.2.10
paloaltonetworks	pan-os	Affected	v11.2.11
paloaltonetworks	pan-os	Affected	v11.2.2
paloaltonetworks	pan-os	Affected	v11.2.3
paloaltonetworks	pan-os	Affected	v11.2.4
paloaltonetworks	pan-os	Affected	v11.2.5
paloaltonetworks	pan-os	Affected	v11.2.6
paloaltonetworks	pan-os	Affected	v11.2.7
paloaltonetworks	pan-os	Affected	v11.2.8
paloaltonetworks	pan-os	Affected	v11.2.9
paloaltonetworks	pan-os	Affected	v12.1.2
paloaltonetworks	pan-os	Affected	v12.1.3
paloaltonetworks	pan-os	Affected	v12.1.4
paloaltonetworks	pan-os	Affected	v12.1.5
paloaltonetworks	pan-os	Affected	v12.1.6
paloaltonetworks	prisma_access	Affected	v-
siemens	ruggedcom_ape1808_firmware	Affected	v-

🔗 References 3

https://security.paloaltonetworks.com/CVE-2026-0257

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa...

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities...

US Government Resource

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-0300	⛔ critical	9.8	5.3	A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networ...	2026-05-06
CVE-2026-24858	⛔ critical	9.8	4.0	An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnaly...	2026-01-27
CVE-2026-0227	⚠️ high	7.5	0.1	A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (...	2026-01-15
CVE-2025-59718	⛔ critical	9.8	12.1	A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 ...	2025-12-09
CVE-2025-4614	ℹ️ low	2.7	0.1	An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator t...	2025-10-09
CVE-2025-4615	⚠️ high	7.2	0.1	An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® softwa...	2025-10-09

These CVEs affect the same products