PatchDay Alert
Analysis · 7 min read · 1,370 words · By Colten Anderson · Field Notes

The GlobalProtect bypass deadline already passed, but you might not be affected

CVE-2026-0257 is a GlobalProtect auth bypass with a KEV deadline that's come and gone. Whether it touches you comes down to a 60-second config check, not your PAN-OS version.


The federal deadline on this one is already behind us. CISA added CVE-2026-0257 to KEV on May 29 with a June 1 BOD 22-01 cutoff, and attackers were exploiting it in the wild before that date even arrived. So the calendar says fire. The config says maybe. Whether this PAN-OS GlobalProtect bypass actually touches your firewall comes down to a one-minute look at the portal’s authentication settings, not the build number on the box. Do that check before you schedule anything.

What changed

Palo Alto disclosed CVE-2026-0257 on May 13, an authentication bypass in the GlobalProtect portal and gateway, which is the remote-access VPN front door. The flawed piece is the “authentication override” cookie, a session-persistence token that lets an already-authenticated user reconnect without retyping credentials. The bug, classified CWE-565 on NVD, is that the firewall decrypts that cookie and then trusts the contents with no integrity check. As Rapid7 put it, “the decrypted content is then trusted implicitly, with no signature verification of any kind occurring after decryption.” An unauthenticated attacker forges a cookie and lands a VPN connection with no credentials.

What it means for your environment

Here is the part that turns this from a fire drill into a triage call: you are only exploitable if three things are true at the same time. Rapid7 identified all three gates: authentication override is enabled, the same certificate is used for both the portal/gateway HTTPS service and for encrypting the override cookies, and the Cloud Authentication Service (CAS) is not in use. When an admin reuses the HTTPS cert for cookie encryption, an attacker just connects to the HTTPS service, pulls the certificate’s public key, and crafts a cookie the firewall will decrypt and accept. Authentication override is off by default, which narrows the exposed population a lot.

So an unpatched firewall may be perfectly safe, and a patched-looking one could still be misconfigured. The PAN-OS version is the wrong first question. The config is the right one.

The exposure check is a single look. Pull the portal config, open the Authentication tab under Agent Configuration, and see whether the override cookie boxes are checked. If they’re unchecked on both the portal and your gateways, you are not vulnerable, full stop, regardless of which build you’re on. If they’re checked, the cert reuse decides it. That’s your 60 seconds.
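To turn the three gates and the 60-second check into something repeatable across many portals and gateways, here is an added example (not Palo Alto or Rapid7 code) that evaluates a config export. The XML element names it looks for (authentication-override, generate-cookie, accept-cookie, cookie-encrypt-decrypt-cert, ssl-tls-service-profile/certificate) are assumptions about the PAN-OS schema, and the sample export is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS config export. Element names are
# assumptions about the schema, not taken from the advisory; verify them
# against a real export before trusting the verdicts.
SAMPLE_CONFIG = """<config>
  <ssl-tls-service-profile>
    <entry name="gp-tls"><certificate>gp-https-cert</certificate></entry>
  </ssl-tls-service-profile>
  <global-protect-portal><entry name="portal-1">
    <portal-config><ssl-tls-service-profile>gp-tls</ssl-tls-service-profile></portal-config>
    <authentication-override>
      <generate-cookie>yes</generate-cookie><accept-cookie>yes</accept-cookie>
      <cookie-encrypt-decrypt-cert>gp-https-cert</cookie-encrypt-decrypt-cert>
    </authentication-override>
  </entry></global-protect-portal>
  <global-protect-gateway><entry name="gw-1">
    <ssl-tls-service-profile>gp-tls</ssl-tls-service-profile>
    <authentication-override>
      <generate-cookie>no</generate-cookie><accept-cookie>no</accept-cookie>
    </authentication-override>
  </entry></global-protect-gateway>
</config>"""

def assess(config_xml, cas_in_use=False):
    """Return {entry name: verdict} for every portal and gateway entry.

    All three gates must hold to be exploitable: override enabled, cookie
    cert identical to the HTTPS cert, and CAS not in use. CAS is passed in
    as a flag because it is a tenant-level fact, not a per-entry setting.
    """
    root = ET.fromstring(config_xml)
    # Resolve TLS profile name -> certificate name (the HTTPS cert).
    prof = root.find("ssl-tls-service-profile")
    tls = {e.get("name"): e.findtext("certificate")
           for e in (prof.findall("entry") if prof is not None else [])}
    verdicts = {}
    for kind in ("global-protect-portal", "global-protect-gateway"):
        for entry in (en for k in root.iter(kind) for en in k.findall("entry")):
            name, ov = entry.get("name"), entry.find("authentication-override")
            flags = (ov.findtext("generate-cookie"), ov.findtext("accept-cookie")) if ov is not None else ()
            if "yes" not in flags:
                verdicts[name] = "not vulnerable: override off"
            elif cas_in_use:
                verdicts[name] = "gate not met: CAS in use (still patch)"
            elif ov.findtext("cookie-encrypt-decrypt-cert") == tls.get(entry.findtext(".//ssl-tls-service-profile")):
                verdicts[name] = "EXPOSED: override on, HTTPS cert reused for cookies"
            else:
                verdicts[name] = "override on, dedicated cookie cert: patch per advisory"
    return verdicts
```

Run it against every device export you have and act on the EXPOSED rows first; an entry with override off clears the CVE regardless of build.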

On the severity numbers, expect to see two and don’t let it derail the conversation. NVD scores it 9.1 Critical under CVSS 3.1; Palo Alto’s advisory scores it 7.8 High under CVSS 4.0. That’s a framework difference, not a contradiction. v4.0 splits impact across the vulnerable and subsequent systems and tends to land lower. Both versions agree on the attacker profile: network-reachable, unauthenticated, no user interaction. When you quote a number to your change board, name the version.

How bad were the actual attacks? Real but constrained. Rapid7’s MDR saw two exploitation waves, May 17 and May 21, attributed to a single actor. A subset of victims in the second wave got a VPN IP, an actual foothold inside the network. But Rapid7 reported no observed lateral movement in any identified compromise, and in most cases the forged cookie was accepted without a full tunnel even coming up. No ransomware, no exfiltration tied to it as of early June. One correction worth carrying into the room: the “80% of customers targeted” line floating around is a misread. Rapid7’s figure was that 8 of 10 impacted MDR customers had the appliance accept a forged cookie, which describes how the exploit manifested in confirmed victims, not how much of the customer base got hit. A public proof-of-concept exists now, which makes opportunistic scanning trivial. The gating conditions are the only thing standing between an exposed config and an easy hit.

What you need to do

First, run the exposure check above. If the override boxes are unchecked, you’re done; close the ticket. If they’re checked, here’s the decision.

Patch to the right build. The fix ships in per-branch PAN-OS hotfixes, and the exact hotfix letter matters. Per Palo Alto’s advisory, that’s builds like 10.2.7-h34, 11.1.6-h32, 11.2.7-h14, and 12.1.4-h6 or 12.1.7, among others in each family. An earlier build in the same branch does not clear the CVE, so verify against the advisory’s table rather than trusting a “we’re on 10.2.7” gut check. Some early secondary reports cited slightly wrong builds (10.2.7-h32, for one), which is exactly the kind of off-by-a-hotfix error that closes a ticket without closing the hole.

If you can’t patch this hour, two stopgaps with very different costs:

Move | What it does | What it costs
--- | --- | ---
Disable authentication override | Removes the attack surface entirely | Forces re-auth every VPN session, real help-desk load in high-reconnect shops
Dedicated override cert | Closes the forge vector, keeps session persistence | PKI work to generate and assign a cert used only for override cookies

Five-minute fix: uncheck the override boxes on the portal and each gateway. Hour-long fix that keeps your users from re-authenticating all day: generate a new certificate used only for override cookies, separate from the HTTPS cert.

Prisma Access is mostly handled for you. Palo Alto says it’s upgrading affected Prisma Access tenants on its own schedule and notifying customers. But on-prem NGFWs in hybrid deployments have to be upgraded separately and in tandem, so your on-prem firewalls stay your job.

If you think you were actually hit, treat it as an authenticated network presence, because that’s what the forged cookie buys. Rotate VPN client certs, revoke override certs in use, and review IdP/RADIUS/LDAP logs for sessions that lack a matching legitimate MFA event. Audit GlobalProtect tunnel logs for unexpected source IPs, paying attention to activity before May 13. Upgrading to a fixed build invalidates existing cookies and forces a one-time re-auth, which is a clean session-revocation event on its own. Fair warning: that IR outline is inferred from the access type plus standard practice. Neither Rapid7 nor the advisory has published a formal post-exploitation checklist, and “no lateral movement observed” is telemetry from early June, not a guarantee.
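The log review above can be scripted: a forged override cookie produces a VPN session with no matching MFA event behind it. This added example (not vendor tooling) correlates constructed, simplified tunnel and IdP records, flagging sessions with no MFA success shortly before them and marking those dated before the May 13 disclosure; the 5-minute window and the record layouts are assumptions.

```python
from datetime import datetime, timedelta

DISCLOSURE = datetime(2026, 5, 13)  # advisory date from the write-up
MFA_WINDOW = timedelta(minutes=5)   # assumption: MFA precedes the tunnel by <= 5 min

# Constructed GlobalProtect tunnel records: time, user, source IP.
# Layout is simplified for the example, not the real PAN-OS log format.
TUNNEL_LOG = """\
2026-05-10T18:20:11,dave,192.0.2.41
2026-05-12T22:41:03,alice,203.0.113.7
2026-05-17T09:14:55,bob,198.51.100.23
2026-05-17T09:16:10,carol,203.0.113.9
2026-05-21T03:02:44,bob,192.0.2.66
"""
# Constructed IdP records: time, user, result.
IDP_LOG = """\
2026-05-12T22:39:50,alice,mfa_success
2026-05-17T09:15:30,carol,mfa_success
2026-05-21T02:30:00,bob,mfa_failure
"""

def parse(text):
    """Split CSV-style lines into tuples."""
    return [tuple(line.split(",")) for line in text.strip().splitlines() if line]

def mfa_times(idp_text):
    """Map user -> list of MFA success timestamps."""
    by_user = {}
    for ts, user, result in parse(idp_text):
        if result == "mfa_success":
            by_user.setdefault(user, []).append(datetime.fromisoformat(ts))
    return by_user

def unbacked_sessions(tunnel_text, idp_text, window=MFA_WINDOW):
    """Return tunnel logins with no MFA success within `window` before them.

    Each hit carries pre_disclosure=True when it predates the advisory,
    since pre-May-13 activity deserves a closer look.
    """
    mfa = mfa_times(idp_text)
    flagged = []
    for ts, user, src in parse(tunnel_text):
        t = datetime.fromisoformat(ts)
        backed = any(0 <= (t - m).total_seconds() <= window.total_seconds()
                     for m in mfa.get(user, []))
        if not backed:
            flagged.append({"time": ts, "user": user, "src": src,
                            "pre_disclosure": t < DISCLOSURE})
    return flagged
```

Treat every flagged row as an authenticated network presence to investigate, not as proof of compromise on its own; a legitimate session whose MFA landed in a different IdP may also surface here.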

Don’t patch the wrong Palo Alto bug

There’s a second critical PAN-OS flaw in the same window, and it is not this one. CVE-2026-0300 is a buffer overflow in the User-ID Authentication Portal, the captive portal, where a crafted unauthenticated request gets root RCE. It scored CVSS 4.0 9.3, is confirmed exploited, and hit KEV on May 6, about three weeks before 0257. Prisma Access and Cloud NGFW aren’t affected by it. Quick triage: GlobalProtect VPN for remote workers is 0257; the captive portal feeding User-ID mappings is 0300, and it’s the higher-severity one. They’re not mutually exclusive, so if you run both features, both are on the list. (For the historically inclined: GlobalProtect has worn this shape before, including the CVE-2020-2021 SAML bypass that scored a 10.0, and 0257 rhymes with it as another crypto-trust assumption in the auth path.)

The window

The deadline passed June 1, but the real urgency is gated by your own config. If override is off, this is a non-event you can document and move on from. If it’s on with a reused cert and you’re internet-reachable, a public PoC plus opportunistic scanning means this jumps ahead of whatever else was in your patch queue, and the five-minute mitigation buys you the breathing room to schedule the hotfix properly instead of doing it at 2 a.m. The honest read: this is not a “drop everything” for most shops, because the default-off feature keeps the exposed population small. It’s a “find out which shop you are in the next hour,” and for the slice that’s exposed, it’s a this-week patch with a same-day stopgap.

PatchDay Alert flags the KEV adds in the daily digest the morning they land, with the exposure conditions attached, so the config-gated ones don’t get triaged as blanket fire drills.
