CVE-2026-0257
9.1 CRITICALAuthentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ...
Published: 2026-05-13 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-565
Affected products
| Vendor | Product |
|---|---|
| paloaltonetworks | pan-os, prisma_access, ruggedcom_ape1808_firmware |
| siemens | pan-os, prisma_access, ruggedcom_ape1808_firmware |
Description
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-33893 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce... (7.5 HIGH)
- CVE-2026-33862 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce... (7.3 HIGH)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
- CVE-2026-35535 — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mai... (7.4 HIGH)
- CVE-2026-2673 — Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group conf... (6.5 MEDIUM)
Same CWE
- CVE-2026-8337 — Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys (5.3 MEDIUM)
- CVE-2024-0947 — Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Fal... (9.8 CRITICAL)
- CVE-2023-3050 — Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse... (9.8 CRITICAL)