CVE-2026-0257
KEV
🔴 Łataj teraz
Obejście uwierzytelnienia w GlobalProtect umożliwia nieautoryzowane połączenie VPN.
CVSS
9.1
EPSS
58.8%
Exploit
weaponized
Vendor
paloaltonetworks
Opis źródłowy (NVD)
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
auth-bypass
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.1 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 58.8% |
| Opublikowano (NVD) | 2026-05-13 19:17:01 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-09 12:47:03 UTC |
Referencje
- https://security.paloaltonetworks.com/CVE-2026-0257 (psirt@paloaltonetworks.com) [Vendor Advisory]
- https://cert-portal.siemens.com/productcert/html/ssa-967325.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]