For the latest insight into this threat, see our latest research publication.
In early June 2026, Arctic Wolf observed an increase in active exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS. When first published, the vulnerability carried a CVSS score of 4.7. On May 29, 2026, Rapid7 published a technical analysis and working proof-of-concept (PoC) exploit, prompting Palo Alto Networks to revise the CVSS score upward from 4.7 to 7.8. That same day, CISA added CVE-2026-0257 to the Known Exploited Vulnerabilities (KEV) catalog.
This vulnerability allows a remote, unauthenticated attacker to forge GlobalProtect authentication override cookies and establish unauthorized VPN sessions when authentication override cookies are enabled and the certificate used for authentication override is reused or publicly exposed. According to available reporting, active exploitation has been ongoing since at least May 17, 2026.
In observed exploitation activity, threat actors have forged authentication override cookies for privileged accounts, including administrative accounts such as admin, to establish VPN sessions without credentials or multi-factor authentication (MFA). Post-exploitation activity has included rapid configuration retrieval, IPsec tunnel establishment, and lateral movement using tools such as Impacket and NTLM relay attacks. Because a forged cookie produces what looks like a legitimate, fully authenticated VPN session, there is no failed-login or MFA-prompt event to alert on; detection depends on identifying successful logins that originate from unexpected hosting providers or carry other anomalous client attributes, such as those listed in the Indicators of Compromise section below.
Cloud NGFW is not affected by this vulnerability.
Vulnerability Details
This vulnerability was first publicly disclosed by Palo Alto Networks on May 13, 2026. Active exploitation has been confirmed going back to May 17, 2026, and public PoC exploit code has been available since Rapid7's May 29, 2026 publication.
| CVE | CVSS | Vulnerability Type | Vector | Affected Products |
| --- | --- | --- | --- | --- |
| CVE-2026-0257 | HIGH, 7.8 (CVSS v3.1) | Authentication Bypass (Cookie Forgery) | Unauthenticated, Remote | PA-Series and VM-Series firewalls, and Prisma Access with GlobalProtect enabled and authentication override cookies configured. |
The core design flaw is that vulnerable versions of PAN-OS trust any authentication override cookie they can decrypt, without verifying that the cookie was legitimately generated by the device. When the same certificate is used for both the GlobalProtect HTTPS service and authentication override cookie encryption, a threat actor can retrieve the certificate chain from the public HTTPS service and forge valid cookies for any user, including administrators.
Exploitation requires three configuration conditions to be met:
- GlobalProtect portal or gateway is enabled.
- Authentication override cookies are enabled, which is not the default setting.
- The certificate used for authentication override is reused or exposed elsewhere, such as the same certificate used for the GlobalProtect HTTPS service.
Recommendations for CVE-2026-0257
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of PAN-OS as soon as possible.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| Cloud NGFW | None | All |
| PAN-OS 12.1 | < 12.1.4-h6, < 12.1.7 | >= 12.1.4-h6, >= 12.1.7 |
| PAN-OS 11.2 | < 11.2.4-h17, < 11.2.7-h14, < 11.2.10-h7, < 11.2.12 | >= 11.2.4-h17, >= 11.2.7-h14, >= 11.2.10-h7, >= 11.2.12 |
| PAN-OS 11.1 | < 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15 | >= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15 |
| PAN-OS 10.2 | < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6 | >= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6 |
| Prisma Access 11.2.0 | < 11.2.7-h13 | >= 11.2.7-h13 |
| Prisma Access 10.2.0 | < 10.2.10-h36 | >= 10.2.10-h36 |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
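Reading the fixed-version table by hand across a fleet is error-prone because each release train has several hotfix thresholds. The following is an added example, not Palo Alto Networks or Arctic Wolf code, that encodes the table above and classifies an installed version. It assumes version strings of the form MAJOR.MINOR.MAINT or MAJOR.MINOR.MAINT-hN (a missing -hN is hotfix 0), and it assumes the usual reading of such tables: a hotfix threshold like 11.2.4-h17 only covers that maintenance release, an unlisted release below the newest listed one in its train (for example 11.2.5) has no fix and is treated as affected, and anything at or above the newest listed release (for example 11.2.12) is fixed. Trains not in the table (for example PAN-OS 10.1) are reported as unknown rather than assumed safe; check those against the vendor advisory.

```python
"""Added example (not Palo Alto Networks or Arctic Wolf code): decide whether an
installed PAN-OS / Prisma Access version is fixed for CVE-2026-0257 from the
fixed-version table in the advisory.

Assumptions (not stated on the page):
- Version strings look like MAJOR.MINOR.MAINT or MAJOR.MINOR.MAINT-hN; a
  missing -hN is treated as hotfix 0.
- A hotfix threshold such as 11.2.4-h17 only covers that maintenance release.
  An unlisted maintenance release below the newest listed one in its train
  (e.g. 11.2.5) has no fix and is treated as affected; anything at or above
  the newest listed release (e.g. 11.2.12) is fixed.
"""
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

# Fixed versions per release train, copied from the advisory table.
FIXED_VERSIONS = {
    "PAN-OS 12.1": ["12.1.4-h6", "12.1.7"],
    "PAN-OS 11.2": ["11.2.4-h17", "11.2.7-h14", "11.2.10-h7", "11.2.12"],
    "PAN-OS 11.1": ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6",
                    "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    "PAN-OS 10.2": ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21",
                    "10.2.16-h7", "10.2.18-h6"],
    "Prisma Access 11.2.0": ["11.2.7-h13"],
    "Prisma Access 10.2.0": ["10.2.10-h36"],
}


def parse_version(text):
    """Return (major, minor, maint, hotfix) for '11.2.4-h17' or '12.1.7'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def train_key(version, product):
    """Map a version to the row label used in FIXED_VERSIONS."""
    major, minor, _, _ = parse_version(version)
    if product == "PAN-OS":
        return f"PAN-OS {major}.{minor}"
    if product == "Prisma Access":
        return f"Prisma Access {major}.{minor}.0"
    raise ValueError(f"unknown product: {product!r}")


def is_fixed(version, product="PAN-OS"):
    """True if fixed, False if affected, None if the release train is not in
    the table (do not treat None as safe; consult the vendor advisory)."""
    fixes = FIXED_VERSIONS.get(train_key(version, product))
    if fixes is None:
        return None
    installed = parse_version(version)
    thresholds = [parse_version(f) for f in fixes]

    # Same maintenance release as a listed fix: compare hotfix levels.
    for t in thresholds:
        if installed[:3] == t[:3]:
            return installed[3] >= t[3]

    # Newer than every listed maintenance release in the train: fixed.
    if installed[:3] > max(t[:3] for t in thresholds):
        return True

    # Unlisted maintenance release below the newest fix: no fix exists for it.
    return False


def assess(inventory):
    """inventory: iterable of (hostname, product, version).
    Returns [(hostname, version, status)] with status 'fixed', 'AFFECTED'
    or 'unknown-train'."""
    labels = {True: "fixed", False: "AFFECTED", None: "unknown-train"}
    return [(host, version, labels[is_fixed(version, product)])
            for host, product, version in inventory]


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    fleet = [
        ("fw-edge-01", "PAN-OS", "11.2.4-h16"),
        ("fw-edge-02", "PAN-OS", "11.2.5"),
        ("fw-dc-01", "PAN-OS", "10.2.18-h6"),
        ("fw-lab-01", "PAN-OS", "10.1.9"),
        ("prisma-eu", "Prisma Access", "11.2.7-h13"),
    ]
    for host, version, status in assess(fleet):
        print(f"{host:12} {version:12} {status}")
```

The "unlisted release is affected" rule is the conservative choice: 11.2.5 sits between two fixed releases but has no hotfix of its own, so the only remediation is to move to 11.2.7-h14 or later.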
Workaround(s)
If immediate patching is not possible, Palo Alto Networks and Arctic Wolf recommend the following interim mitigations:
- Disable authentication override cookies — If not strictly required, disable authentication override cookies in GlobalProtect portal and gateway settings. Users will need to re-authenticate more frequently, but the primary exploit mechanism is removed.
- Use a dedicated certificate for authentication override — Generate a new certificate used exclusively for authentication override. Do not reuse it for the portal/gateway HTTPS service or any other PAN-OS feature.
- Restrict portal/gateway exposure — Limit GlobalProtect accessibility to trusted IP ranges using security policies, address objects, or geo-blocking. Avoid arbitrary public exposure.
- Enforce MFA for administrative accounts — Ensure MFA is enabled for all privileged GlobalProtect accounts, and disable or rename default “admin” accounts.
Indicators of Compromise
The following IoCs have been associated with confirmed exploitation activity:
| Type | Value | Context | Source |
| --- | --- | --- | --- |
| IP Address | 104.207.144[.]154 | Early exploitation source | Rapid7 |
| IP Address | 146.19.216[.]119 | Exploitation activity | Rapid7 |
| IP Address | 146.19.216[.]120 | Exploitation activity | Rapid7 |
| IP Address | 146.19.216[.]125 | Exploitation activity | Rapid7 |
| IP Address | 209.99.191[.]137 | Exploitation source | Rapid7 |
| IP Address | 79.130.26[.]202 | Associated with host "Jocker" | Rapid7 |
| IP Address | 146.70.165[.]52 | Exploitation source | Arctic Wolf |
| IP Address | 216.238.74[.]98 | Authenticated as admin via GlobalProtect | Arctic Wolf |
| IP Address | 64.190.113[.]151 | Successful admin login | Arctic Wolf |
| Hostname | kali | Kali Linux client; strong malicious signal | Arctic Wolf |
| MAC Address | aa:bb:cc:dd:ee:ff | Trivially spoofed MAC used across campaigns | Rapid7 |
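Because a forged cookie yields a successful, MFA-free login, the hunt described earlier in this advisory has to run over successful GlobalProtect login events rather than authentication failures. The following is an added example, not Arctic Wolf or Palo Alto Networks code, that triages login events against the indicators in the table above. The log format is a constructed, simplified CSV, not the native PAN-OS GlobalProtect log schema, so map its field names onto your own export. The indicator values are copied from the table exactly as printed (defanged) and refanged in code. The "unexpected hosting provider" check from the text needs an ASN or provider lookup that cannot be done offline, so it is approximated here by an assumed allowlist of networks from which privileged logins are expected; replace that allowlist with your own egress ranges.

```python
"""Added example (not Arctic Wolf or Palo Alto Networks code): triage
GlobalProtect login events against the CVE-2026-0257 indicators.

The CSV log format is constructed for this example and is not the native
PAN-OS GlobalProtect log schema. The IoC values come from the advisory table.
"""
import csv
import io
import ipaddress

# Indicators copied from the advisory, defanged exactly as printed.
IOC_IPS = {
    "104.207.144[.]154", "146.19.216[.]119", "146.19.216[.]120",
    "146.19.216[.]125", "209.99.191[.]137", "79.130.26[.]202",
    "146.70.165[.]52", "216.238.74[.]98", "64.190.113[.]151",
}
IOC_HOSTNAMES = {"kali"}
IOC_MACS = {"aa:bb:cc:dd:ee:ff"}
PRIVILEGED_USERS = {"admin"}

# Assumption: networks from which privileged VPN logins are expected (e.g.
# corporate egress). RFC 5737 documentation space is used as a placeholder.
EXPECTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

PRIV_OUTSIDE = "privileged account login from outside expected networks"


def refang(indicator):
    """Turn a defanged IoC such as 146.70.165[.]52 back into a usable address."""
    return indicator.replace("[.]", ".")


IOC_IP_SET = {refang(ip) for ip in IOC_IPS}

# Constructed sample log (not real telemetry): a privileged login from an IoC
# address with the spoofed MAC, a login from a Kali client, benign logins, and
# one failed attempt from another IoC address.
SAMPLE_LOG = """time,event,user,public_ip,client_hostname,client_mac,status
2026-06-02T08:14:09Z,gateway-login,jsmith,203.0.113.45,LAPTOP-JS01,3c:52:82:10:aa:01,success
2026-06-02T08:20:33Z,gateway-login,admin,216.238.74.98,DESKTOP-7F2K1,aa:bb:cc:dd:ee:ff,success
2026-06-02T08:21:02Z,gateway-login,svc_backup,146.19.216.120,kali,08:00:27:4e:66:a1,success
2026-06-02T09:02:11Z,gateway-login,admin,203.0.113.77,ADMIN-WS,3c:52:82:10:aa:02,success
2026-06-02T09:15:40Z,gateway-login,mlee,198.51.100.9,MLEE-MBP,f0:18:98:aa:bb:cc,success
2026-06-02T09:16:12Z,gateway-login,admin,146.19.216.125,DESKTOP-7F2K1,aa:bb:cc:dd:ee:ff,failure
"""


def triage(log_text):
    """Return findings for gateway-login events that match an indicator, plus
    successful privileged logins from outside the expected networks."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"] != "gateway-login":
            continue
        reasons = []
        src = ipaddress.ip_address(row["public_ip"])
        if row["public_ip"] in IOC_IP_SET:
            reasons.append("source IP in IoC list")
        if row["client_hostname"].lower() in IOC_HOSTNAMES:
            reasons.append("client hostname in IoC list")
        if row["client_mac"].lower() in IOC_MACS:
            reasons.append("client MAC in IoC list")
        # A forged cookie produces a *successful* session, so the geography
        # check only matters for successes; failures still surface via IoCs.
        if (row["status"] == "success"
                and row["user"].lower() in PRIVILEGED_USERS
                and not any(src in net for net in EXPECTED_NETWORKS)):
            reasons.append(PRIV_OUTSIDE)
        if reasons:
            findings.append({
                "time": row["time"], "user": row["user"],
                "public_ip": row["public_ip"],
                "client_hostname": row["client_hostname"],
                "status": row["status"], "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} user={f['user']} ip={f['public_ip']} "
              f"host={f['client_hostname']} status={f['status']}: "
              f"{'; '.join(f['reasons'])}")
```

The MAC and hostname indicators are weak on their own (both are trivially set by the client), so the example reports every reason that fired and leaves the prioritisation to the analyst; a privileged login that hits several reasons at once, as the second constructed row does, is the case to escalate first.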
Arctic Wolf Response
Arctic Wolf has Aurora® Managed Detection and Response (MDR) threat coverage in place that applies to the activities observed in this campaign, and will continue to notify customers when new instances of this threat are observed.