Reliance on Cookies without Validation and Integrity Checking in Palo Alto PAN-OS - CVE-2026-0257

Published: May 19, 2026

Vulnerability identifier: #VU131778
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-0257
CWE-ID: CWE-565
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions and establish an unauthorized VPN connection.

The vulnerability exists due to reliance on cookies without validation and integrity checking in the GlobalProtect portal and gateway when processing authentication override cookies. A remote attacker can send crafted authentication data to bypass security restrictions and establish an unauthorized VPN connection.

Only firewalls with the GlobalProtect portal or gateway configured are affected when authentication override cookies are enabled and a specific certificate configuration exists. Panorama and Cloud NGFW are not impacted.
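The weakness class named above, CWE-565, as an added illustration that is not PAN-OS or GlobalProtect code: a hypothetical authentication override cookie that is trusted as-is, beside a verifier that checks an HMAC tag and an expiry before honouring it. The key, lifetime and claim names are assumptions made for the example.

```python
# Hypothetical model of an "authentication override" cookie (a cookie that lets
# a returning client skip re-authentication). Not PAN-OS code; the key,
# lifetime and claim layout below are assumptions for this illustration.
import base64
import hashlib
import hmac
import json
from typing import Optional

SERVER_KEY = b"constructed-demo-key-do-not-reuse"  # assumed server-side secret
LIFETIME = 3600  # seconds an override cookie stays valid (assumed)
TAG_LEN = 32     # HMAC-SHA256 tag length in bytes


def issue_cookie(user: str, now: float) -> str:
    """Issue a cookie: JSON claims followed by an HMAC-SHA256 tag over them."""
    payload = json.dumps({"user": user, "exp": int(now) + LIFETIME}).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def accept_unchecked(cookie: str) -> Optional[str]:
    """CWE-565 pattern: believes the claims without checking the tag or expiry."""
    raw = base64.urlsafe_b64decode(cookie)
    return json.loads(raw[:-TAG_LEN]).get("user")


def verify_cookie(cookie: str, now: float) -> Optional[str]:
    """Hardened check: returns the user only if encoding, tag and expiry are valid."""
    try:
        raw = base64.urlsafe_b64decode(cookie)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims.get("user")


def tampered_cookie(user: str) -> str:
    """Constructed test input: valid-looking claims with a bogus all-zero tag."""
    payload = json.dumps({"user": user, "exp": 2_000_000_000}).encode()
    return base64.urlsafe_b64encode(payload + b"\x00" * TAG_LEN).decode()
```

The unchecked acceptor returns whatever user name the cookie claims, while the verifier rejects the same tampered cookie, an expired one, and malformed input.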


How to mitigate CVE-2026-0257

Install the security update from the vendor's website.

Sources