CVE-2026-0257— PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0257
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在信任Cookie未进行验证与完整性检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Palo Alto Networks PAN-OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS存在安全漏洞,该漏洞源于GlobalProtect门户和网关中的认证绕过问题,可能导致攻击者绕过安全限制并建立未授权VPN连接。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Palo Alto Networks | Cloud NGFW | - | - | |
| Palo Alto Networks | PAN-OS | 12.1.0 ~ 12.1.7, 12.1.4-h6 | cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* | |
| Palo Alto Networks | Prisma Access | 10.2.0 ~ 10.2.10-h36 | - |
II. Public POCs for CVE-2026-0257
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0257
请登录查看更多情报信息。
Same Patch Batch · Palo Alto Networks · 2026-05-13 · 26 CVEs total
| CVE-2026-0256 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | |
| CVE-2026-0242 | Trust Protection Foundation: SQL Injection Vulnerability | |
| CVE-2026-0258 | PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching | |
| CVE-2026-0245 | Prisma Access Agent: Information Disclosure Vulnerabilities | |
| CVE-2026-0259 | WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire App | |
| CVE-2026-0236 | Prisma Browser: Code Injection Enables Security Controls Bypass | |
| CVE-2026-0241 | Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities | |
| CVE-2026-0261 | PAN-OS: Authenticated Admin Command Injection Vulnerability | |
| CVE-2026-0265 | PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled | |
| CVE-2026-0243 | Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet | |
| CVE-2026-0262 | PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing | |
| CVE-2026-0237 | Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass | |
| CVE-2026-0247 | Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities | |
| CVE-2026-0250 | GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway | |
| CVE-2026-0238 | Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields | |
| CVE-2026-0264 | PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remo | |
| CVE-2026-0235 | Prisma Browser: Access and Data Rule Bypass | |
| CVE-2026-0251 | GlobalProtect App: Local Privilege Escalation Vulnerabilities | |
| CVE-2026-0249 | GlobalProtect App: Certificate Validation Bypass Vulnerabilities | |
| CVE-2026-0240 | Trust Protection Foundation: Sensitive Information Disclosure Vulnerability |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cloud NGFW
- CVE-2026-0256
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in t - CVE-2026-0258
PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certific - CVE-2026-0261
PAN-OS: Authenticated Admin Command Injection Vulnerability - CVE-2026-0262
PAN-OS: Denial of Service Vulnerabilities in Network Traffic - CVE-2026-0263
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing
Same vendor: Palo Alto Networks
- CVE-2026-0243
Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through - CVE-2026-0248
Prisma Access Agent: Improper Certificate Validation Vulnera - CVE-2026-0242
Trust Protection Foundation: SQL Injection Vulnerability - CVE-2026-0244
Prisma SD-WAN: Improper Certificate Validation Vulnerability - CVE-2026-0241
Trust Protection Foundation: Multiple Authorization Bypass V
Same weakness: CWE-565
- CVE-2026-39963
Serendipity: Host Header Injection enables authentication co - CVE-2026-5130
Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privile - CVE-2014-125112
Plack::Middleware::Session::Cookie versions through 0.21 for - CVE-2022-50926
WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation - CVE-2025-14440
JAY Login & Register <= 2.4.01 - Authentication Bypass via C
V. Comments for CVE-2026-0257
No comments yet