CVE-2026-0257

Summary

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.

Panorama and Cloud NGFW are not impacted by these issues.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS12.1.0 < 12.1.7, 12.1.4-h6affected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34affected
Palo Alto NetworksPrisma Access10.2.0 < 10.2.10-h36affected
Palo Alto NetworksPrisma Access11.2.0 < 11.2.7-h13affected

Weaknesses

  • CWE-565: CWE-565 Reliance on Cookies without Validation and Integrity Checking

Workarounds

Customers can mitigate the risk of this issue by taking any of the following actions:

  • Use a dedicated certificate for Authentication Override cookies: Generate a new certificate exclusively for authentication override cookies and store it securely. Do not reuse the portal or gateway certificate, and do not share this certificate with other features or users.
  • Disable Authentication Override: Uncheck the Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

Additional References

References