CVE-2026-0257

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
13/05/2026
Last modified:
09/06/2026

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.<br /> <br /> Panorama and Cloud NGFW are not impacted by these issues.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 10.2.7 (excluding)
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*