CVE-2026-0257
Vulnerability Summary
Timeline
Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
CVSS Metrics
- v4.0•HIGH•Score: 7.8•CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/AU:N/R:A/V:D/RE:M/U:Red
- v4.0•HIGH•Score: 7.8•CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red
- v3.1•CRITICAL•Score: 9.1•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Trends
Current EPSS score: 0.07% • Percentile: 20%
Techniques & Countermeasures
- CWE-565•Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Affected Systems
- palo alto networks•pan-os
≥ 12.1.0, < 12.1.7, 12.1.4-h6 | ≥ 11.2.0, < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17 | ≥ 11.1.0, < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | ≥ 10.2.0, < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
- palo alto networks•prisma access
≥ 10.2.0, < 10.2.10-h36 | ≥ 11.2.0, < 11.2.7-h13
- paloaltonetworks•pan-os
< 10.2.7 | 10.2.7 | 10.2.7:h1 | 10.2.7:h12 | 10.2.7:h16 | 10.2.7:h18 | 10.2.7:h19 | 10.2.7:h21 | 10.2.7:h24 | 10.2.7:h3 | 10.2.7:h32 | 10.2.7:h6 | 10.2.7:h8 | 10.2.8 | 10.2.9 | 10.2.10 | 10.2.10:h10 | 10.2.10:h12 | 10.2.10:h14 | 10.2.10:h17 | 10.2.10:h18 | 10.2.10:h2 | 10.2.10:h21 | 10.2.10:h27 | 10.2.10:h3 | 10.2.10:h30 | 10.2.10:h31 | 10.2.10:h4 | 10.2.10:h5 | 10.2.10:h7 | 10.2.10:h9 | 10.2.11 | 10.2.12 | 10.2.13 | 10.2.13:h1 | 10.2.13:h10 | 10.2.13:h16 | 10.2.13:h18 | 10.2.13:h2 | 10.2.13:h3 | 10.2.13:h4 | 10.2.13:h5 | 10.2.13:h7 | 10.2.14 | 10.2.15 | 10.2.16 | 10.2.16:h1 | 10.2.16:h4 | 10.2.16:h6 | 10.2.17 | 10.2.18 | 10.2.18:h1 | 10.2.18:h5 | 11.1.0 | 11.1.1 | 11.1.2 | 11.1.3 | 11.1.4 | 11.1.4:h1 | 11.1.4:h13 | 11.1.4:h15 | 11.1.4:h16 | 11.1.4:h17 | 11.1.4:h18 | 11.1.4:h25 | 11.1.4:h27 | 11.1.4:h32 | 11.1.4:h4 | 11.1.4:h7 | 11.1.4:h9 | 11.1.5 | 11.1.6 | 11.1.6:h1 | 11.1.6:h10 | 11.1.6:h14 | 11.1.6:h17 | 11.1.6:h19 | 11.1.6:h2 | 11.1.6:h20 | 11.1.6:h21 | 11.1.6:h22 | 11.1.6:h23 | 11.1.6:h25 | 11.1.6:h29 | 11.1.6:h3 | 11.1.6:h4 | 11.1.6:h5 | 11.1.6:h6 | 11.1.6:h7 | 11.1.7 | 11.1.7:h1 | 11.1.7:h2 | 11.1.7:h4 | 11.1.8 | 11.1.9 | 11.1.10 | 11.1.10:h1 | 11.1.10:h10 | 11.1.10:h12 | 11.1.10:h21 | 11.1.10:h4 | 11.1.10:h5 | 11.1.10:h7 | 11.1.10:h9 | 11.1.11 | 11.1.12 | 11.1.13 | 11.1.13:h1 | 11.1.13:h2 | 11.1.13:h3 | 11.1.14 | 11.2.0 | 11.2.1 | 11.2.2 | 11.2.3 | 11.2.4 | 11.2.4:h1 | 11.2.4:h10 | 11.2.4:h11 | 11.2.4:h12 | 11.2.4:h14 | 11.2.4:h15 | 11.2.4:h2 | 11.2.4:h4 | 11.2.4:h5 | 11.2.4:h6 | 11.2.4:h7 | 11.2.4:h8 | 11.2.4:h9 | 11.2.5 | 11.2.6 | 11.2.7 | 11.2.7:h1 | 11.2.7:h10 | 11.2.7:h11 | 11.2.7:h12 | 11.2.7:h13 | 11.2.7:h2 | 11.2.7:h3 | 11.2.7:h4 | 11.2.7:h7 | 11.2.7:h8 | 11.2.8 | 11.2.9 | 11.2.10 | 11.2.10:h1 | 11.2.10:h2 | 11.2.10:h3 | 11.2.10:h4 | 11.2.10:h5 | 11.2.10:h6 | 11.2.11 | 12.1.2 | 12.1.3 | 12.1.4 | 12.1.4:h2 | 12.1.4:h3 | 12.1.4:h5 | 12.1.5 | 12.1.6
- paloaltonetworks•prisma_access
na