CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks
Cybersecurity NewsArchived Jun 02, 2026✓ Full text saved
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability affects PAN-OS, the operating system that powers Palo Alto Networks firewalls. It enables attackers to bypass authentication mechanisms […] The post CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks appea
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks
By Abinaya
June 2, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks.
The vulnerability affects PAN-OS, the operating system that powers Palo Alto Networks firewalls. It enables attackers to bypass authentication mechanisms and establish unauthorized VPN access.
According to the official CVE record, CVE-2026-0257 is categorized as an authentication bypass issue linked to CWE-565.
The flaw allows remote attackers to circumvent security restrictions without valid credentials, potentially granting them direct access to internal network resources through VPN connections.
This type of weakness is particularly dangerous because it undermines perimeter defenses and enables attackers to operate as legitimate users within enterprise environments.
PAN-OS vulnerability exploited
CISA added the vulnerability to its KEV catalog on May 29, 2026, with a remediation due date of June 1, 2026, for federal agencies.
The inclusion in the KEV list confirms that exploitation has been observed in the wild. However, there is currently no public confirmation linking the flaw to specific ransomware campaigns.
However, security experts warn that authentication bypass vulnerabilities in network edge devices are frequently targeted by threat actors, including initial access brokers and advanced persistent threat groups.
The impact of this vulnerability is significant, especially for organizations that rely on PAN-OS to secure their remote access infrastructure.
Successful exploitation could allow attackers to gain persistent access, move laterally across networks, and potentially deploy additional malicious payloads.
Given the role of VPN gateways in enterprise environments, exploitation could result in data exfiltration, service disruption, or the further compromise of critical systems.
Palo Alto Networks has issued guidance and mitigation steps to address the vulnerability. Organizations are strongly advised to apply available security updates or patches immediately.
In cases where patches are not yet available or cannot be applied, CISA recommends following vendor-provided mitigation instructions and adhering to Binding Operational Directive (BOD) 22-01 for cloud and network services.
If mitigation is not feasible, discontinuing use of the affected product is advised to reduce exposure to risk.
Security teams should also review authentication logs, monitor VPN access patterns, and investigate any unusual or unauthorized connection attempts.
Indicators of compromise may include unexpected VPN sessions, anomalous login behavior, or access from unfamiliar IP ranges.
Proactive threat hunting and network monitoring are essential to detect potential exploitation attempts early. The addition of CVE-2026-0257 to the KEV catalog highlights the ongoing risk posed by vulnerabilities in network security appliances.
As attackers increasingly target edge infrastructure, timely patching and continuous monitoring remain critical to maintaining a secure enterprise environment.
Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP
Tags
cyber security
cyber security news
vulnerability
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Hackers Use Grandoreiro Malware to Target Portuguese Banks and Latin American Companies
Windows Netlogon 0-Click RCE Vulnerability Now Actively Exploited In The Wild
BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits
New BTMOB Malware Lets Attackers Remotely Control Android Devices
Hackers Abuse Trusted Google Domains to Hide Phishing Links From Email Gateways
Latest News
Cyber Security News
Mustang Panda Deploys PlugX RAT Through Multi-Stage LNK and PowerShell Attack Chain
Cyber Security News
Hackers Use 34 Malicious Packages to Steal Cloud Keys, Wallets, and SSH Credentials
Cyber Security News
SolyxImmortal Python Malware Steals Browser Passwords, Cookies, Files, and Keystrokes
AI
Claude Down for Users Worldwide as Hundreds Report Service Issues
Cyber Security News
TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands