CVE-2026-0257 was disclosed on May 13. By May 17, someone was already using it in the wild. That four-day gap is what should focus minds. Not the CVSS score of 7.8, and not the technical mechanics of the GlobalProtect authentication bypass. Palo Alto Networks confirmed last week that exploitation is ongoing. Rapid7 tracked two distinct attack waves. Within two weeks, CISA added CVE-2026-0257 to its Known Exploited Vulnerabilities catalog.
The flaw is real, it is being used, and it sits on the internet-facing component that enterprises trust to protect everything behind it.
Why the Cookie Forgery Works
The vulnerability is a design error, not a coding mistake. GlobalProtect’s authentication override cookie feature was built to save users from re-authenticating constantly. The cookie is encrypted with a certificate. When that certificate is also serving the portal or gateway HTTPS endpoint, an attacker can pull the public key from the TLS handshake and forge a valid cookie. The server decrypts it, trusts it, and hands over a VPN session without checking credentials.
Three conditions need to line up: authentication override enabled, shared certificate, Cloud Authentication Service off. None of these is a default setting, which is why Palo Alto’s initial CVSS rating was 4.7. Rapid7 argued for treating it as critical regardless. They were right. The conditions are common in enterprise deployments that chose convenience over security hygiene. A non-default configuration is not the same as a rare one.
What the Attackers Actually Did
Two waves of attacks exploited the GlobalProtect authentication bypass in May. The first, starting May 18, used Vultr-hosted infrastructure and targeted local admin accounts. The second, from May 21, established full VPN tunnels and accessed internal network resources using Dromatics Systems’ address space. Rapid7 found no confirmed lateral movement. Still, access to an internal network without credentials is rarely the end of an attacker’s goals.
The public PoC tooling left clear fingerprints: machine hostnames “GP-CLIENT” and “DESKTOP-GP01”, a spoofed MAC of aa:bb:cc:dd:ee:ff, and a blank source_user_info.domain field. These are not signs of careful tradecraft. Instead, this is automated exploitation using public tools, which suggests the attackers expect volume to work in their favour.
The Perimeter Device Problem
This is not the first time a security vendor’s edge device has been the weak point. Palo Alto, Fortinet, Ivanti, and Citrix have all had serious perimeter vulnerabilities in recent years. Several were exploited within days of disclosure. Check Point disclosed a nearly identical VPN authentication bypass just three days ago. Across vendors, the pattern is consistent: the device exists to enforce authentication, an attacker bypasses it, and the entire network behind it becomes accessible.
The GlobalProtect authentication bypass follows that template precisely. That irony is not subtle: the VPN gateway verifies everyone else’s identity, yet its own authentication logic had a flaw that let attackers skip the check entirely.
This argues for something beyond patching cycles. Organisations should not treat perimeter devices as inherently more trustworthy than anything else. Zero-trust segmentation, behaviour-based VPN traffic inspection, and aggressive monitoring of auth logs are reasonable conclusions from what keeps happening to this class of device.
What to Do About CVE-2026-0257 Now
If you run Palo Alto GlobalProtect, first verify whether authentication override cookies are enabled. When they are active, check whether the encryption certificate is shared with the HTTPS service. Both conditions present, plus Cloud Authentication Service disabled, means the GlobalProtect authentication bypass is fully open against your device. Treat that as an emergency.
Patching is the fix. PAN-OS 10.2.7-h34, 11.1.4-h33, 11.2.4-h17, and 12.1.4-h6 are the minimum fixed versions in their respective branches, with additional hotfixes available. Prisma Access on the 10.2 and 11.2 branches is also affected. Cloud NGFW is not. Palo Alto followed a similar emergency patch cadence for its previous PAN-OS zero-day in 2024, and the same urgency applies here.
Two workarounds are available while patching is arranged. Generate a dedicated certificate for authentication override cookies, separate from the HTTPS certificate. Or disable authentication override cookies altogether by unchecking both the generate and accept options in portal and gateway settings. The second option removes the attack surface completely.
For detection, query GlobalProtect logs for successful gateway sessions where the OS is Windows 10 Pro 64-bit and source_user_info.domain is empty. Both are fingerprints of the public PoC tooling. Also alert on POST requests to /ssl-vpn/hipreport.esp from unfamiliar IPs, and block the known malicious addresses: 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, and 79.130.26.202.
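The detection guidance above, and the PoC fingerprints described earlier (the “GP-CLIENT” and “DESKTOP-GP01” hostnames, the aa:bb:cc:dd:ee:ff MAC, the blank domain field), can be turned into a small log triage script. The following is an added example and is not code from the article or from Palo Alto Networks. The JSON-lines record shape and its field names (type, stage, status, public_ip, domain, client_os, machine_name, mac, method, path, src_ip) are an assumption chosen for this example, not the real GlobalProtect log schema; the sample records and the trusted egress range are constructed. The only values taken from the article are the indicator list, the fingerprints, and the hipreport.esp path.

```python
"""Triage GlobalProtect-style log records for the CVE-2026-0257 PoC fingerprints.

Added example, not the article's or the vendor's code. The record layout is a
simplified, assumed shape; map your own export's column names onto it first.
"""
import ipaddress
import json
from typing import Optional

# Indicators and fingerprints quoted in the article.
KNOWN_BAD_IPS = {
    "104.207.144.154", "146.19.216.119", "146.19.216.120",
    "146.19.216.125", "79.130.26.202",
}
POC_HOSTNAMES = {"GP-CLIENT", "DESKTOP-GP01"}
POC_MAC = "aa:bb:cc:dd:ee:ff"
POC_OS = "Windows 10 Pro 64-bit"
HIP_REPORT_PATH = "/ssl-vpn/hipreport.esp"

# Constructed: the address ranges your legitimate VPN clients are expected
# to come from. Anything else posting a HIP report is "unfamiliar".
TRUSTED_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample records (JSON lines), not real captures.
SAMPLE_LOG = """\
{"type":"globalprotect","stage":"gateway","status":"success","public_ip":"146.19.216.120","user":"admin","domain":"","client_os":"Windows 10 Pro 64-bit","machine_name":"GP-CLIENT","mac":"aa:bb:cc:dd:ee:ff"}
{"type":"globalprotect","stage":"gateway","status":"success","public_ip":"203.0.113.7","user":"jdoe","domain":"CORP","client_os":"Windows 11 Pro 64-bit","machine_name":"LT-JDOE","mac":"00:1a:2b:3c:4d:5e"}
{"type":"globalprotect","stage":"gateway","status":"success","public_ip":"198.51.100.9","user":"svc-backup","domain":"","client_os":"Windows 10 Pro 64-bit","machine_name":"DESKTOP-GP01","mac":"00:aa:bb:cc:dd:01"}
{"type":"globalprotect","stage":"portal","status":"failure","public_ip":"198.51.100.9","user":"admin","domain":"","client_os":"Windows 10 Pro 64-bit","machine_name":"DESKTOP-GP01","mac":"00:aa:bb:cc:dd:01"}
{"type":"web","method":"POST","path":"/ssl-vpn/hipreport.esp","src_ip":"79.130.26.202"}
{"type":"web","method":"POST","path":"/ssl-vpn/hipreport.esp","src_ip":"203.0.113.7"}
{"type":"web","method":"GET","path":"/global-protect/login.esp","src_ip":"192.0.2.44"}
"""


def session_fingerprints(rec: dict) -> list:
    """Return the PoC fingerprints present on a *successful gateway* session.

    Portal-stage or failed records are ignored: the article's query is about
    sessions that actually got through.
    """
    if rec.get("stage") != "gateway" or rec.get("status") != "success":
        return []
    hits = []
    if rec.get("client_os") == POC_OS and rec.get("domain", "") == "":
        hits.append("win10pro-empty-domain")
    if rec.get("machine_name") in POC_HOSTNAMES:
        hits.append("poc-hostname")
    if rec.get("mac", "").lower() == POC_MAC:
        hits.append("poc-mac")
    return hits


def hip_report_from_unknown(rec: dict, trusted_egress=TRUSTED_EGRESS) -> bool:
    """True for a POST to the HIP report endpoint from outside the trusted ranges."""
    if rec.get("method") != "POST" or rec.get("path") != HIP_REPORT_PATH:
        return False
    src = ipaddress.ip_address(rec["src_ip"])
    return not any(src in net for net in trusted_egress)


def triage_record(rec: dict, trusted_egress=TRUSTED_EGRESS) -> Optional[tuple]:
    """Return (severity, reasons) for a suspicious record, or None if clean."""
    reasons = []
    ip = rec.get("public_ip") or rec.get("src_ip")
    if ip in KNOWN_BAD_IPS:
        reasons.append("known-bad-ip")
    reasons.extend(session_fingerprints(rec))
    if hip_report_from_unknown(rec, trusted_egress):
        reasons.append("hipreport-post-unfamiliar-ip")
    if not reasons:
        return None
    # A listed indicator is a block-now decision; fingerprints alone warrant a look.
    severity = "block" if "known-bad-ip" in reasons else "investigate"
    return severity, reasons


def triage_log(text: str) -> list:
    """Run triage over JSON-lines log text; return one finding per flagged line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        result = triage_record(rec)
        if result is not None:
            severity, reasons = result
            findings.append({
                "line": lineno,
                "ip": rec.get("public_ip") or rec.get("src_ip"),
                "severity": severity,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"line {f['line']:>3}  {f['severity']:<11} {f['ip']:<16} {', '.join(f['reasons'])}")
```

On the constructed sample, lines 1, 3 and 5 are flagged: the first and fifth hit the published indicator list and are marked for blocking, while the third shows two PoC fingerprints from an address not on the list and is marked for investigation. Line 6 is a HIP report from a trusted range and is left alone, which is the reason for keeping an explicit allow-list of client egress ranges rather than alerting on every POST to that endpoint.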
Four days between advisory and exploitation is not an anomaly. It is the current baseline. Patch windows have gotten shorter, not longer. Organisations that hold off on emergency patches for VPN edge devices are now routinely losing that bet.
