Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks confirmed on March 18, 2026, that an unknown threat actor is actively exploiting a critical vulnerability in its PAN-OS software. The vulnerability, identified as CVE-2026-0257 with a CVSS score of 7.8, allows authentication bypass on GlobalProtect portals and gateways, enabling unauthorized access to sensitive network resources. The company issued a security advisory detailing the exploitation and providing mitigation steps for affected customers. These steps include disabling the GlobalProtect portal and gateway features if they are not in use, or ensuring that affected versions of PAN-OS are updated to a patched release. Palo Alto Networks stated that it is working on releasing patches for all affected versions of PAN-OS and recommended that customers apply these updates as soon as possible. The advisory also noted that the threat actor appears to be targeting specific organizations, though the exact motives and scale of the attacks remain under investigation. This incident highlights the ongoing risks associated with VPN vulnerabilities and the importance of timely security updates.
Original source: The Hacker News