
GlobalProtect authentication bypass under active exploitation

Palo Alto Networks’ CVE-2026-0257 is being actively exploited, letting attackers bypass VPN authentication. Learn the timeline, technical details, and urgent mitigations.

On May 13, 2026, Palo Alto Networks warned that a medium‑severity flaw in its PAN‑OS and Prisma Access products could let attackers bypass authentication and spin up unauthorized VPN tunnels. That’s the GlobalProtect authentication bypass the security community’s been buzzing about for weeks now.

Key Takeaways

  • Authentication override cookies combined with a certain certificate setup enable the bypass.
  • Rapid7 observed two exploitation waves, starting May 17 and May 21, 2026.
  • US CISA added the flaw to its KEV catalog, demanding mitigation by June 1, 2026.
  • Temporary mitigations include disabling the override feature or issuing a fresh certificate.
  • Patching is the only long‑term fix; vendors have already released patches.

GlobalProtect authentication bypass: What’s happening and why it matters

What’s striking is that the vulnerability, tracked as CVE‑2026‑0257 with a CVSS score of 7.8, affects a core component of many enterprises’ remote‑access strategy. It’s not a theoretical flaw; the advisory says attackers can establish a VPN connection without ever presenting valid credentials. That’s a big deal for any org that relies on GlobalProtect as its edge‑facing VPN solution.

Timeline of the active exploitation

Rapid7 first reported successful exploitation across several customers on May 17, 2026. They later identified a second wave on May 21, 2026, where the attackers not only got past the authentication step but also received internal IP addresses from the VPN gateway. According to Rapid7, both waves appear to be the work of the same threat actor.

Updates from Palo Alto Networks

In a follow‑up advisory dated May 29, 2026, Palo Alto Networks said it had become aware of “limited exploit attempts on unpatched PAN‑OS devices without mitigations applied.” The company’s statement also warned that the activity could lead to unauthorized VPN sessions, though they didn’t observe any follow‑on activity beyond the initial connection.

“Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN‑OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection,” Palo Alto Networks said.

Technical details of the bypass

The flaw only surfaces when two conditions line up: authentication override cookies are enabled, and a specific certificate configuration is present. In that scenario, the gateway fails to properly validate the cookie, effectively treating the request as authenticated. That oversight lets an attacker craft a request that the system thinks is legitimate, granting them VPN access.

Why the certificate matters

Certificates act as the trust anchor for the override feature. If an attacker can inject or reuse a certificate that matches the expected profile, the gateway’s checks become moot. The advisory notes that generating a new, exclusive certificate for the override feature can close that gap, at least temporarily.

Response from vendors and mitigations

Palo Alto Networks has already issued a patch for the vulnerability. They’re urging organizations to apply it “on an urgent basis,” echoing Rapid7’s sentiment that the risk is significant. In the meantime, they recommend two short‑term workarounds: disabling the authentication override feature entirely, or rolling out a fresh certificate dedicated to that feature.

Beyond the vendor fix, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2026‑0257 to its Known Exploited Vulnerabilities (KEV) catalog, ordering Federal Civilian Executive Branch agencies to remediate by June 1, 2026. That move underscores how quickly the flaw moved from disclosure to active exploitation.

Industry reaction and broader implications

Rapid7’s analysis describes the scenario as carrying “significant impact to affected organizations,” especially because VPN appliances are often the first line of defense for remote workforces. The fact that a single mis‑configured feature can open a backdoor is a reminder that even mature products can harbor critical oversights.

Arctic Wolf recently highlighted a similar pattern with FortiClient’s EMS vulnerability (CVE‑2026‑35616, CVSS 9.1), where attackers weaponized a patched flaw to deliver credential‑stealing malware. The parallel suggests threat actors are actively hunting for mis‑configurations in high‑visibility security gear.

Historical Context

Remote‑access solutions have long been a focal point for attackers. Over the past few years, a handful of high‑profile incidents have shown how a single configuration slip can turn a protective gateway into an entry point. The Arctic Wolf example mentioned earlier fits that pattern, and GlobalProtect’s own history includes occasional advisories about privilege‑escalation paths and certificate handling bugs. Those prior notices didn’t receive the same level of attention, but they laid the groundwork for today’s discovery.

In many enterprises, GlobalProtect was adopted to replace legacy VPN stacks that relied on static preshared keys. The shift brought stronger cryptographic guarantees, but also introduced new management primitives—like authentication override cookies—that were meant for administrators to troubleshoot failed logins without resetting user passwords. Those primitives were never intended to be exposed to the public internet, yet the CVE‑2026‑0257 flaw shows how a combination of default settings and a mis‑matched certificate can inadvertently open them up.

Security researchers have repeatedly pointed out that the “override” concept is a double‑edged sword. It provides a quick escape hatch for support teams, but it also creates a privileged path that bypasses normal credential checks. When the path is coupled with a certificate that the gateway trusts without additional verification, the result is a perfect storm for exploitation.

What This Means For You

If you’re running GlobalProtect on any PAN‑OS firewall, you need to check whether authentication override cookies are enabled. That’s the first step. Then verify the certificate chain used for the override feature; if it matches the risky configuration described in the advisory, generate a new certificate and apply it immediately.

Don’t wait for the official patch if you can’t roll it out within the next few days. Disable the override feature until you can confirm the new certificate is in place, and monitor VPN logs for any unexpected IP assignments. Those short‑term actions can buy you time while you coordinate a full patch deployment.
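One way to act on the “monitor VPN logs for unexpected IP assignments” advice is to correlate gateway tunnel set‑up events with portal authentication successes and flag tunnels that were never preceded by a fresh login. The script below is an added example, not code from the article, Rapid7, or Palo Alto Networks; the log lines are constructed in a simplified hypothetical format (real PAN‑OS system logs have their own schema, so the regex would need adapting), and it assumes the override feature has been disabled per the workaround, so that every legitimate tunnel should follow a recent portal authentication.

```python
"""Flag GlobalProtect tunnel IP assignments with no recent portal
authentication from the same user and source address (added example)."""
from datetime import datetime, timedelta
import re

# Constructed sample lines in a simplified, hypothetical format (NOT the real
# PAN-OS log schema): "<ISO time> <event> user=<u> src=<ip> [assigned=<ip>]".
SAMPLE_LOGS = """\
2026-05-21T08:00:05 portal-auth-success user=alice src=203.0.113.10
2026-05-21T08:00:09 gateway-tunnel-up user=alice src=203.0.113.10 assigned=10.20.0.15
2026-05-21T08:14:30 gateway-tunnel-up user=bob src=198.51.100.77 assigned=10.20.0.16
2026-05-21T09:30:00 portal-auth-success user=carol src=192.0.2.44
2026-05-21T11:45:12 gateway-tunnel-up user=carol src=192.0.2.44 assigned=10.20.0.17
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)"
    r"(?: assigned=(?P<assigned>\S+))?$"
)

def parse(log_text):
    """Yield dicts for well-formed lines; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        yield rec

def find_unauthenticated_tunnels(log_text, window_minutes=10):
    """Return (user, src, assigned_ip) for every tunnel-up event that has no
    portal-auth-success for the same user+src within `window_minutes` before it.
    The window is an assumption; tune it to your portal/gateway timing."""
    window = timedelta(minutes=window_minutes)
    last_auth = {}   # (user, src) -> timestamp of most recent portal auth
    suspicious = []
    for rec in parse(log_text):
        key = (rec["user"], rec["src"])
        if rec["event"] == "portal-auth-success":
            last_auth[key] = rec["ts"]
        elif rec["event"] == "gateway-tunnel-up":
            auth_ts = last_auth.get(key)
            if auth_ts is None or rec["ts"] - auth_ts > window:
                suspicious.append((rec["user"], rec["src"], rec["assigned"]))
    return suspicious

if __name__ == "__main__":
    for user, src, ip in find_unauthenticated_tunnels(SAMPLE_LOGS):
        print(f"ALERT tunnel without fresh auth: user={user} src={src} assigned={ip}")
```

In the sample data, bob’s tunnel has no authentication at all (the pattern of the second exploitation wave) and carol’s tunnel follows a login that is hours stale; alice’s is preceded by a login seconds earlier and is not flagged.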

Looking ahead, the rapid exploitation of CVE‑2026‑0257 raises a question: how many other edge‑facing appliances have hidden “override” knobs that could be abused in a similar way? As vendors rush to patch, organizations will need to audit their remote‑access configurations more aggressively than ever before.

Consider three concrete scenarios. First, a small business with a single firewall often runs GlobalProtect for a handful of remote employees. The admin may have left the override cookie enabled to simplify troubleshooting. In that environment, a single successful bypass can expose the entire internal network, because there are few segmentation controls. Turning off the override and regenerating the certificate is a quick win that dramatically reduces risk.

Second, a large enterprise typically deploys multiple PAN‑OS devices across regions. Each device may have its own override setting, and the certificate hierarchy can be complex. A coordinated scan that discovers any one device with the vulnerable combination can give an attacker a foothold that later spreads laterally. Here, a centralized policy check—using existing configuration management tools—to ensure the override is disabled across the fleet becomes a priority.

Third, a cloud‑native startup often uses GlobalProtect to secure developer workstations that connect to cloud environments. Those developers may spin up short‑lived containers or serverless functions that rely on the VPN for internal API access. If an attacker hijacks a VPN tunnel, they could reach resources that are otherwise shielded by network policies. The startup should treat the override feature as a temporary debugging aid, not a permanent configuration, and enforce the new certificate as part of its CI/CD pipeline.

Key Questions Remaining

Even after patches land, several open items deserve attention. How many organizations have already applied the patch versus how many are still relying on the workarounds? What monitoring capabilities do existing SIEM solutions have to flag the anomalous IP assignments seen in the second exploitation wave? Will future PAN‑OS releases redesign the override mechanism to require multi‑factor validation before granting a tunnel?

Another unanswered question involves supply‑chain visibility. The advisory notes that attackers could craft requests that appear legitimate; however, the exact method of constructing those requests remains under investigation. Understanding whether the technique relies on publicly available tools or bespoke scripts will shape the community’s response.

Finally, the broader ecosystem must consider whether similar “override” features exist in other vendors’ remote‑access products. A systematic review of those knobs could uncover additional blind spots before threat actors have a chance to exploit them.

Sources: The Hacker News, Rapid7
