
[CIVN-2026-0285] Authentication Bypass Vulnerability in PAN-OS GlobalProtect
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
PAN-OS 12.1 versions prior to 12.1.4-h6 and 12.1.7
PAN-OS 11.2 versions prior to 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 and 11.2.12
PAN-OS 11.1 versions prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 and 11.1.15
PAN-OS 10.2 versions prior to 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 and 10.2.18-h6
Prisma Access 11.2.0 versions prior to 11.2.7-h13
Prisma Access 10.2.0 versions prior to 10.2.10-h36
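Added example (not part of the CERT-In advisory or the vendor's guidance): a Python check that triages an inventory of PAN-OS version strings against the fixed releases listed above. It assumes that each listed hotfix fixes only its own maintenance release and that maintenance releases later than the newest listed one carry the fix; the hostnames and inventory versions are constructed.

```python
import re

# Fixed releases copied from the "Software Affected" list above (PAN-OS only).
FIXED = {
    "12.1": ["12.1.4-h6", "12.1.7"],
    "11.2": ["11.2.4-h17", "11.2.7-h14", "11.2.10-h7", "11.2.12"],
    "11.1": ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6", "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    "10.2": ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21", "10.2.16-h7", "10.2.18-h6"],
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """'11.1.4-h33' -> (11, 1, 4, 33); a release without a hotfix gets hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def status(version):
    """Return 'fixed', 'affected' or 'not-listed' for one PAN-OS version string."""
    major, minor, maint, hotfix = parse(version)
    fixes = [parse(f) for f in FIXED.get(f"{major}.{minor}", [])]
    if not fixes:
        return "not-listed"  # release train absent from the advisory; not a verdict
    # Assumption: a listed hotfix fixes only its own maintenance release.
    for f in fixes:
        if f[2] == maint:
            return "fixed" if hotfix >= f[3] else "affected"
    # Assumption: maintenance releases after the newest listed one carry the fix;
    # unlisted maintenance releases below it have no fix and need an upgrade.
    return "fixed" if maint > max(f[2] for f in fixes) else "affected"

# Constructed inventory (hostnames and versions are made up for this example).
INVENTORY = {
    "fw-edge-01": "11.1.4-h32", "fw-edge-02": "11.1.4-h33",
    "fw-dc-01": "10.2.18", "fw-dc-02": "12.1.7",
    "fw-lab-01": "11.2.8", "fw-old-01": "9.1.19",
}

def affected_hosts(inventory):
    """Hostnames whose version is below the fix for its release train."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host:12} {ver:12} {status(ver)}")
```

A "not-listed" result only means the advisory does not mention that release train; check the vendor advisory linked under Solution before treating such a device as unaffected.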
Overview
A vulnerability has been reported in PAN-OS GlobalProtect that could allow a remote attacker to bypass security restrictions and establish an unauthorized VPN connection on the targeted system.
Target Audience:
Organizations, Enterprises, Managed Security Service Providers using PAN-OS based PA-Series and VM-Series firewalls.
Risk Assessment:
High risk of unauthorized access and data exposure.
Impact Assessment:
Potential for privilege escalation.
Description
PAN-OS GlobalProtect is Palo Alto Networks' secure remote-access and Zero Trust Network Access (ZTNA) solution that enables authenticated users to securely connect to enterprise resources from any location while enforcing security policies.
A vulnerability has been reported in PAN-OS GlobalProtect due to an authentication bypass flaw in the GlobalProtect portal and gateway.
Successful exploitation of this vulnerability could allow a remote attacker to bypass security restrictions on the targeted system.
Solution
Apply appropriate updates as mentioned:
https://security.paloaltonetworks.com/CVE-2026-0257
Vendor Information
Palo Alto
https://security.paloaltonetworks.com/
References
https://security.paloaltonetworks.com/CVE-2026-0257
CVE Name
CVE-2026-0257
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


