CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 02, 2026

CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks

Cybersecurity News Archived Jun 02, 2026 ✓ Full text saved

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability affects PAN-OS, the operating system that powers Palo Alto Networks firewalls. It enables attackers to bypass authentication mechanisms […] The post CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks appea

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks By Abinaya June 2, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability affects PAN-OS, the operating system that powers Palo Alto Networks firewalls. It enables attackers to bypass authentication mechanisms and establish unauthorized VPN access. According to the official CVE record, CVE-2026-0257 is categorized as an authentication bypass issue linked to CWE-565. The flaw allows remote attackers to circumvent security restrictions without valid credentials, potentially granting them direct access to internal network resources through VPN connections. This type of weakness is particularly dangerous because it undermines perimeter defenses and enables attackers to operate as legitimate users within enterprise environments. PAN-OS vulnerability exploited CISA added the vulnerability to its KEV catalog on May 29, 2026, with a remediation due date of June 1, 2026, for federal agencies. The inclusion in the KEV list confirms that exploitation has been observed in the wild. However, there is currently no public confirmation linking the flaw to specific ransomware campaigns. However, security experts warn that authentication bypass vulnerabilities in network edge devices are frequently targeted by threat actors, including initial access brokers and advanced persistent threat groups. The impact of this vulnerability is significant, especially for organizations that rely on PAN-OS to secure their remote access infrastructure. Successful exploitation could allow attackers to gain persistent access, move laterally across networks, and potentially deploy additional malicious payloads. Given the role of VPN gateways in enterprise environments, exploitation could result in data exfiltration, service disruption, or the further compromise of critical systems. Palo Alto Networks has issued guidance and mitigation steps to address the vulnerability. Organizations are strongly advised to apply available security updates or patches immediately. In cases where patches are not yet available or cannot be applied, CISA recommends following vendor-provided mitigation instructions and adhering to Binding Operational Directive (BOD) 22-01 for cloud and network services. If mitigation is not feasible, discontinuing use of the affected product is advised to reduce exposure to risk. Security teams should also review authentication logs, monitor VPN access patterns, and investigate any unusual or unauthorized connection attempts. Indicators of compromise may include unexpected VPN sessions, anomalous login behavior, or access from unfamiliar IP ranges. Proactive threat hunting and network monitoring are essential to detect potential exploitation attempts early. The addition of CVE-2026-0257 to the KEV catalog highlights the ongoing risk posed by vulnerabilities in network security appliances. As attackers increasingly target edge infrastructure, timely patching and continuous monitoring remain critical to maintaining a secure enterprise environment. Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP Tags cyber security cyber security news vulnerability Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Hackers Use Grandoreiro Malware to Target Portuguese Banks and Latin American Companies Windows Netlogon 0-Click RCE Vulnerability Now Actively Exploited In The Wild BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits New BTMOB Malware Lets Attackers Remotely Control Android Devices Hackers Abuse Trusted Google Domains to Hide Phishing Links From Email Gateways Latest News Cyber Security News Mustang Panda Deploys PlugX RAT Through Multi-Stage LNK and PowerShell Attack Chain Cyber Security News Hackers Use 34 Malicious Packages to Steal Cloud Keys, Wallets, and SSH Credentials Cyber Security News SolyxImmortal Python Malware Steals Browser Passwords, Cookies, Files, and Keystrokes AI Claude Down for Users Worldwide as Hundreds Report Service Issues Cyber Security News TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 02, 2026
    Archived
    Jun 02, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗