CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation - Cybersecurity Dive
Cybersecurity DiveArchived Jun 02, 2026✓ Full text saved
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation Cybersecurity Dive
Full text archived locally
✦ AI Summary· Claude Sonnet
DIVE BRIEF
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation
The vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said.
Published June 1, 2026
Eric Geller
Senior Reporter
Share
License
Add us on Google
Palo Alto Networks’ booth is seen on the show floor of the RSA Conference in San Francisco on April 27, 2023. Experts say hackers have begun exploiting a serious flaw in the company’s firewalls. Matt Kapko/Cybersecurity Dive
Hackers are exploiting a software vulnerability in Palo Alto Networks’ firewalls to evade login requirements and remotely access protected systems, the company warned on Friday.
“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the company said in an update to its security advisory about the flaw, which is tracked as CVE-2026-0257.
CISA on Friday added the high-severity bug to its Known Exploited Vulnerabilities catalog, which requires federal agencies to rapidly patch the flaw.
The U.S. government and many critical infrastructure organizations use firewalls from Palo Alto Networks, which is one of the leading vendors in the marketplace. If hackers bypassed those firewalls’ protections, they could acquire sweeping access to customers’ networks.
“This type of vulnerability is a frequent attack [vector] for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said in its alert about the KEV addition.
Researchers at Rapid7 said they observed exploitation beginning in mid-May but had not yet seen evidence of successful lateral movement from the firewalls to other network devices. Even so, Rapid7 said, “An authentication bypass in an edge-facing enterprise VPN appliance can have significant impact to affected organizations.”
Hackers have frequently targeted Palo Alto Networks firewalls because of their essential role in defending the network perimeter. In May, the company disclosed another flaw in PAN-OS’s authentication system, which CISA also added to the KEV.
Add us on Google
Share
PURCHASE LICENSING RIGHTS
Filed Under: Vulnerability, Cyberattacks, Threats