Auth Bypass in PAN-OS GlobalProtect Portal/Gateway
CVE-2026-0257 Published on May 13, 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection.
Panorama and Cloud NGFW are not impacted by these issues.
Timeline
Initial publication.
Weakness Type
Reliance on Cookies without Validation and Integrity Checking
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user. Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection attacks such as SQL injection and cross-site scripting, or otherwise modify inputs in unexpected ways.
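The weakness class described above, shown as an added Python example (not PAN-OS code and not from the advisory): a check that trusts the cookie's contents beside one that verifies integrity, expiry and binding to the associated user. The `user|expiry|tag` cookie layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real service loads a random secret from protected storage.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Return 'user|expiry|tag' with tag = HMAC-SHA256(key, 'user|expiry')."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expiry}"
    return f"{payload}|{_tag(payload)}"

def naive_user(cookie: str) -> Optional[str]:
    """Weak pattern (CWE-565): accepts whatever user name the cookie carries."""
    user = cookie.split("|")[0]
    return user or None

def verified_user(cookie: str, expected_user: str,
                  now: Optional[float] = None) -> Optional[str]:
    """Hardened pattern: integrity first, then expiry, then binding to the user."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expiry, tag = parts
    # Constant-time comparison over bytes; any edit to user or expiry fails here.
    if not hmac.compare_digest(tag.encode(), _tag(f"{user}|{expiry}").encode()):
        return None
    # Payload is now known to be server-issued, so expiry parses as an integer.
    if int(expiry) < (time.time() if now is None else now):
        return None
    # The cookie must belong to the user the server associates with this request.
    if user != expected_user:
        return None
    return user

if __name__ == "__main__":
    cookie = issue_cookie("alice")
    edited = "admin|" + cookie.split("|", 1)[1]   # constructed: user field changed
    print("naive check   :", naive_user(edited))
    print("verified check:", verified_user(edited, "admin"))
    print("original      :", verified_user(cookie, "alice"))
```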
Products Associated with CVE-2026-0257
Palo Alto Networks PAN-OS and Palo Alto Networks Prisma Access.
Affected Versions
Palo Alto Networks Cloud NGFW:
- Version All is unaffected.
- Version 12.1.0 and below 12.1.7, 12.1.4-h6 is affected.
- Version 11.2.0 and below 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17 is affected.
- Version 11.1.0 and below 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 is affected.
- Version 10.2.0 and below 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 is affected.
- Version 10.2.0 and below 10.2.10-h36 is affected.
- Version 11.2.0 and below 11.2.7-h13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.