PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. "Authentication bypass vulnerabilities in the

The article reports that Palo Alto Networks PAN-OS and Prisma Access are affected by CVE-2026-0257, an authentication bypass vulnerability in GlobalProtect that is now under active exploitation, allowing remote unauthenticated attackers to establish unauthorized VPN connections when specific configurations (authentication override cookies and certificate reuse) are present.[1][2][3] CISA has added this flaw to its Known Exploited Vulnerabilities catalog, and vendors and researchers recommend urgent patching or mitigations such as disabling the authentication override feature or using a dedicated certificate.[3][4][9] From a CyberSE.AI perspective, this illustrates the broader AI supply chain risk where critical security and network platforms that may host, front-end, or protect AI agents and models can be compromised via VPN/auth bypass, enabling lateral movement to AI infrastructure and associated data. Organizations should treat third‑party network/security appliances as part of the AI attack surface, integrate them into SBOM and dependency inventories, and include them in AI Security Readiness Assessments to ensure rapid patching, strict exposure management, and hardening of any