CVE-2026-0257

CVE Database · CVE-2026-0257

CVE-2026-0257

· CRITICALModified

CVSS v3.1

9.1

CVSS v4.0

7.8

EPSS

18.58%

Published

May 13, 2026

Modified

May 29, 2026

CISA Known Exploited Vulnerability

Added: 2026-05-29 · Due: 2026-06-01

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (9)

All weaponized →

TrickestTrickest PoC index GitHub PoCsfewer-r7/CVE-2026-0257★20 GitHub PoCakashsingh0454/CVE-2026-0257-PoC★2 GitHub PoC0xBlackash/CVE-2026-0257★2 GitHub PoCtushargurav28/CVE-2026-0257★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-565

Affected Products (189)

paloaltonetworks · pan-os (up to 10.2.7)vulnerable

paloaltonetworks · pan-osvulnerable

paloaltonetworks · pan-os

References (2)

https://security.paloaltonetworks.com/CVE-2026-0257

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257

KEV Catalog EPSS Scores Vendors All CVEs

Mr-Robot-LP/CVE-2026-0257

paloaltonetworks · pan-osvulnerable