Cloud Security

PAN-OS CVE-2026-0257: Forged Cookies Bypass VPN Access

May 31, 2026 · 5 min read · By William

The Short Version

Palo Alto Networks confirmed active exploitation of CVE-2026-0257, a GlobalProtect authentication bypass that lets attackers forge VPN cookies and establish unauthorized connections. Rapid7 observed mass exploitation starting May 17. CISA added the flaw to its Known Exploited Vulnerabilities catalog on May 29, giving federal agencies until June 1 to patch. The root cause is embarrassingly simple: PAN-OS decrypts authentication override cookies with a private key but never checks a signature, so anyone who can obtain the matching public certificate can encrypt a cookie of their own choosing and the device will accept it as a valid session.

What Happened

On May 13, 2026, Palo Alto Networks published an advisory for CVE-2026-0257, describing authentication bypass vulnerabilities in the GlobalProtect portal and gateway. The initial severity rating was Medium because exploitation required devices configured with authentication override cookies enabled and a specific certificate setup. On May 29, the company updated the advisory to HIGHEST urgency after confirming active exploitation against unpatched devices, bumping the CVSS score to 7.8 (Palo Alto advisory).

Rapid7’s Managed Detection and Response team reported observing successful exploitation across numerous customers, with the earliest detected activity on May 17, 2026. Attack infrastructure was traced to Vultr-hosted systems, followed by a second wave from Dromatics Systems on May 21 (Rapid7 analysis).

CISA added CVE-2026-0257 to its Known Exploited Vulnerabilities catalog on May 29, ordering federal agencies to remediate by June 1, 2026 (BleepingComputer).

The Technical Root Cause

The flaw is classified as CWE-565: Reliance on Cookies without Validation and Integrity Checking. Here is the mechanism:

  1. A GlobalProtect device decrypts authentication override cookies using the private key of a configured certificate.
  2. It then trusts the decrypted contents as-is, with no signature or other integrity check, so any ciphertext that decrypts to a well-formed cookie is accepted.
  3. Cookies are encrypted to that certificate's public key, so whoever holds the public key can produce such a ciphertext. If the same certificate is reused for the HTTPS service, the public key is handed to every client during the standard TLS handshake.
  4. An attacker retrieves the public certificate from the GlobalProtect portal or gateway, encrypts a forged authentication override cookie for an arbitrary user (including the local administrator account) under it, and authenticates without valid credentials.

Rapid7 developed a proof-of-concept exploit demonstrating the full chain: retrieve the public certificate, forge the cookie, authenticate to the gateway. The PoC successfully authenticated to an unpatched GlobalProtect gateway without credentials. In many observed incidents, the appliance accepted the forged cookie but the attacker could not establish a full VPN tunnel. In some cases, they could — granting direct access to internal networks.
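To make the decrypt-without-verify failure concrete, here is an added model of the pattern in the steps above. It is not PAN-OS code, Rapid7's PoC, or the real cookie format: it uses stdlib-only textbook RSA (no padding) over two known Mersenne primes, an encryption key pair standing in for the shared HTTPS certificate, a separate signing key pair standing in for the dedicated key the fix calls for, and a constructed "user=name" payload. The vulnerable acceptor trusts whatever decrypts; the hardened one refuses anything the gateway did not sign.

```python
"""Model of CWE-565 as described in the text above (added example, not
PAN-OS internals). Textbook RSA without padding is a teaching model only."""
import hashlib
from math import gcd


def _keypair(p, q, e=65537):
    """Return (public, private) for the constructed primes p and q."""
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (p * q, e), (p * q, pow(e, -1, phi))


# Constructed keys. ENC_* stands in for the certificate that also serves
# HTTPS: its public half is handed to every TLS client. SIGN_* stands in for
# a dedicated key whose private half never leaves the gateway.
ENC_PUB, ENC_PRIV = _keypair(2**127 - 1, 2**89 - 1)      # ~216-bit modulus
SIGN_PUB, SIGN_PRIV = _keypair(2**107 - 1, 2**61 - 1)    # ~168-bit modulus


def _i2b(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def _b2i(b):
    return int.from_bytes(b, "big")


def _rsa(key, m):
    n, exp = key
    return pow(m, exp, n)


def encrypt_payload(username):
    """Step anyone can perform: encrypting to a public key needs no secret."""
    payload = f"user={username}".encode()
    assert _b2i(payload) < ENC_PUB[0]          # must fit under the modulus
    return _i2b(_rsa(ENC_PUB, _b2i(payload)))


def decrypt_username(cookie):
    payload = _i2b(_rsa(ENC_PRIV, _b2i(cookie))).decode()
    return payload.split("=", 1)[1]


def vulnerable_accept(cookie):
    """The bug: whatever decrypts cleanly is taken as the caller's identity."""
    return decrypt_username(cookie)


def _digest(data):
    # Truncated to 160 bits so it sits below the 168-bit signing modulus.
    return _b2i(hashlib.sha256(data).digest()[:20])


def gateway_issue(username):
    """Hardened issuer: ciphertext plus a signature only SIGN_PRIV can make."""
    ct = encrypt_payload(username)
    sig = _i2b(_rsa(SIGN_PRIV, _digest(ct)))
    return ct.hex() + "." + sig.hex()


def hardened_accept(cookie):
    """Verify before decrypt; return None for anything not issued by the gateway."""
    try:
        ct_hex, sig_hex = cookie.split(".")
        ct, sig = bytes.fromhex(ct_hex), bytes.fromhex(sig_hex)
    except ValueError:
        return None
    if _rsa(SIGN_PUB, _b2i(sig)) != _digest(ct):
        return None                                # forged or tampered
    return decrypt_username(ct)


def attacker_forge(username):
    """What the attacker in the text can do holding only public material."""
    ct = encrypt_payload(username)                 # succeeds: public key suffices
    fake_sig = _i2b(_rsa(SIGN_PUB, _digest(ct)))   # best effort without SIGN_PRIV
    return ct, ct.hex() + "." + fake_sig.hex()


if __name__ == "__main__":
    ct, forged = attacker_forge("admin")
    print("vulnerable gateway accepts forged cookie as:", vulnerable_accept(ct))
    print("hardened gateway accepts forged cookie as:", hardened_accept(forged))
    print("hardened gateway accepts real cookie as:", hardened_accept(gateway_issue("admin")))
```

The point the model makes is that a successful decryption proves nothing about who produced the ciphertext; only a check bound to a secret the attacker cannot reach (here a signing key, in practice equally a MAC keyed by the gateway) turns a cookie into evidence of an earlier authentication.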

Who Is Affected

The vulnerability impacts every major supported PAN-OS branch. Cloud NGFW and Panorama are not affected.

PAN-OS Branch        Affected Versions                                 Fixed Version (Earliest)
PAN-OS 12.1          12.1.2 through 12.1.4-h5, 12.1.5 through 12.1.6   12.1.4-h6 / 12.1.7
PAN-OS 11.2          11.2.0 through 11.2.4-h16, 11.2.5 through 11.2.11 11.2.4-h17 / 11.2.12
PAN-OS 11.1          11.1.0 through 11.1.14+                           11.1.4-h33 / 11.1.15
PAN-OS 10.2          10.2.0 through 10.2.18-h5                         10.2.7-h34 / 10.2.18-h6
Prisma Access 11.2   Prior to 11.2.7-h13                               11.2.7-h13
Prisma Access 10.2   Prior to 10.2.10-h36                              10.2.10-h36

The prerequisite configuration: GlobalProtect portal or gateway must have authentication override cookies enabled, and the same certificate must serve both HTTPS and cookie decryption duties. This is a common misconfiguration in enterprise VPN deployments.

What Attackers Did

According to Rapid7, the attack pattern was consistent across incidents:

  • Attackers authenticated to GlobalProtect gateways using forged authentication override cookies targeting the local administrator account.
  • The first observed exploitation, detected on May 17, originated from Vultr-hosted infrastructure.
  • A second wave on May 21 came from Dromatics Systems infrastructure.
  • Rapid7 did not observe successful lateral movement from compromised devices in most cases, but confirmed that VPN session establishment was possible in some deployments.

The fact that attacks targeted the local administrator account rather than arbitrary domain users suggests the attackers understood the device internals and aimed for management-level persistence, not just network access.

Immediate Mitigation Steps

If patching is not immediately possible, Palo Alto Networks offers two mitigations:

  1. Use a dedicated certificate for authentication override cookies. Generate a new certificate exclusively for this feature, store it securely, and do not share it with HTTPS services or any other PAN-OS feature. This breaks the public key exposure chain.
  2. Disable authentication override entirely. Uncheck both the “Generate cookie for authentication override” and “Accept cookie for authentication override” options in the GlobalProtect portal and gateway configuration. Users will need to re-authenticate for each session.

After applying the patch, note that GlobalProtect will regenerate all authentication override cookies using a more secure method. All users must re-authenticate once — this is a one-time event and cookies will function normally afterward.

Additionally, review GlobalProtect logs for authentication events from May 17 onward originating from unexpected source IPs, particularly Vultr and Dromatics Systems ranges. Check for successful VPN sessions associated with the local administrator account that do not correspond to legitimate administrative activity.
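As an added triage helper for the log review just described (not part of the original post and not a PAN-OS tool), the script below flags successful logins by the local administrator account on or after May 17 from sources outside an assumed trusted range, listing cookie-based ones first since those match the exploit pattern. The log lines and their five-column schema (timestamp, user, source IP, auth method, result) are constructed for the example; the real GlobalProtect export has different columns, so map them before running this against production data.

```python
"""Triage helper for the log review described above (added example).
The sample log and its column layout are constructed, not the PAN-OS format."""
import csv
import io
import ipaddress
from datetime import datetime

# Constructed sample: legitimate admin logins from the corporate range, plus two
# cookie-based admin logins from outside it after exploitation began.
SAMPLE_LOG = """\
2026-05-16T22:10:03,admin,10.20.0.5,password,success
2026-05-17T03:41:55,admin,203.0.113.17,auth-override-cookie,success
2026-05-17T03:42:10,jdoe,198.51.100.9,password,failure
2026-05-21T11:05:42,admin,192.0.2.88,auth-override-cookie,success
2026-05-22T09:00:00,admin,10.20.0.5,password,success
"""

# Assumed ranges from which administrators legitimately connect.
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.0/16")]
EXPLOITATION_START = datetime(2026, 5, 17)


def parse(log_text):
    """Yield one dict per record; blank lines are skipped."""
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ts, user, src, method, result = row
        yield {
            "time": datetime.fromisoformat(ts),
            "user": user,
            "src": ipaddress.ip_address(src),
            "method": method,
            "result": result,
        }


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_SOURCES)


def suspicious_admin_sessions(log_text, start=EXPLOITATION_START, admin="admin"):
    """Successful logins as `admin` on/after `start` from untrusted sources.

    Returns (timestamp, source, method) tuples, cookie-based logins first.
    """
    hits = []
    for ev in parse(log_text):
        if ev["user"] != admin or ev["result"] != "success":
            continue
        if ev["time"] < start or is_trusted(ev["src"]):
            continue
        hits.append(ev)
    hits.sort(key=lambda e: (e["method"] != "auth-override-cookie", e["time"]))
    return [(e["time"].isoformat(), str(e["src"]), e["method"]) for e in hits]


if __name__ == "__main__":
    for when, src, method in suspicious_admin_sessions(SAMPLE_LOG):
        print(f"{when}  admin login from {src} via {method}")
```

Treat every hit as a lead rather than a verdict: a cookie-based admin login from an unfamiliar hosting provider after May 17 is the signal the text describes, but a password login from an untrusted range still deserves a look, and a trusted-range login is only trusted to the extent the allow-list is.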

Why This Matters for Cloud Security

GlobalProtect is the perimeter gatekeeper for thousands of enterprise networks. A forged cookie bypassing authentication on a VPN concentrator is not just another CVE — it undermines the trust model that remote access infrastructure is built on. The attack requires no credentials, no user interaction, and exploits a design decision (decrypt-without-verify) that should have been caught during threat modeling.

For organizations running hybrid cloud architectures, a compromised GlobalProtect gateway means attackers are past the perimeter and inside the trusted network segment, with potential paths to cloud management interfaces, internal APIs, and administrative consoles that are not exposed to the internet but are reachable from the corporate LAN.

The rapid exploitation timeline — patched May 13, attacked in volume by May 17 — also underscores a persistent operational reality: threat actors weaponize firewall and VPN vulnerabilities faster than most organizations can schedule maintenance windows.
