NEWS
Palo Alto VPN Flaw Turns Cookie Trust Into a Breach Door
The Palo Alto VPN flaw now being exploited in the wild, tracked as CVE-2026-0257 (a Common Vulnerabilities and Exposures identifier, the public label for a disclosed security flaw), lets unauthenticated attackers forge GlobalProtect authentication cookies on exposed systems that use a risky certificate setup, according to the Palo Alto Networks security advisory. Rapid7 says exploitation began as early as May 17 across numerous customer environments.
The hard lesson is a design one. A convenience feature meant to reduce login friction can become a breach door when a firewall, a virtual private network (VPN, a remote access tunnel for users) and certificate trust all meet at the public edge.
A Medium Score Met a High Trust Boundary
Palo Alto Networks, the firewall and security platform vendor, published the advisory on May 13 and updated it on May 29. The affected software is Palo Alto Networks operating system (PAN-OS, the software that runs its firewalls) and Prisma Access GlobalProtect portals and gateways under a specific configuration. The company now labels the severity High, suggested urgency Highest and exploit maturity Attacked.
- May 13 – Palo Alto published the advisory for the GlobalProtect authentication bypass.
- May 17 – Rapid7 says its earliest observed exploitation began four days later.
- May 29 – The vendor updated the exploitation status after limited exploit attempts on unpatched devices.
The National Institute of Standards and Technology’s National Vulnerability Database entry showed no NVD severity assessment when reviewed, while Palo Alto’s own Common Vulnerability Scoring System with threat context (CVSS-BT, a severity measure that includes threat evidence) score was 7.8 High. That gap is the reason this case cannot be triaged by score alone.
The timing moves this from advisory reading to incident queue work. Four days between publication and Rapid7’s earliest observed exploitation is less time than many large companies need to test firewall code, brief help desks and schedule a maintenance window. Attackers do not need that ceremony.

Cookie Reuse Turned Certificates Into a Master Key
The vulnerable path begins with GlobalProtect’s authentication override feature. After a user signs in, a portal or gateway can issue a cookie so that future sessions do not require the full login flow again. That makes the cookie a portable claim of identity, valuable to users and dangerous when validation fails.
The weak point is certificate reuse. If the certificate used to encrypt and decrypt authentication override cookies is also exposed through the portal or gateway’s Hypertext Transfer Protocol Secure (HTTPS, encrypted web traffic) service, a remote attacker can learn the public key from the certificate chain. With that public key, Rapid7 found, an attacker can encrypt an arbitrary cookie that the appliance decrypts and trusts.
An authentication bypass in an edge facing enterprise VPN appliance can have significant impact to affected organizations.
Rapid7, a Boston cybersecurity firm, wrote that line in its Rapid7 exploitation analysis after its Managed Detection and Response (MDR, a service that monitors customer systems for attacks) team identified successful exploitation across numerous customers. The firm also published a proof-of-concept test that retrieves the certificate chain, forges cookies with available public keys and reports when authentication succeeds.
That bypass cuts around controls security teams tend to trust most. Multifactor authentication (MFA, a second proof such as an app prompt or hardware key) can be strong at the login screen, yet a forged post-login cookie attacks the artifact produced after login. The question for defenders becomes where cookies are trusted, logged and revoked.
The Patch Matrix Leaves Little Room for Staging
Patching is the clean fix, but the affected trains matter because GlobalProtect gateways often sit in change-controlled parts of the network. Palo Alto says Panorama and Cloud Next-Generation Firewall (Cloud NGFW, its cloud firewall service) are not impacted, which gives inventory teams a useful boundary. The live risk sits with GlobalProtect portal and gateway configurations that enable authentication override and reuse the relevant certificate.
| Product Line | Exposure Signal | Fixed Path | Operating Note |
|---|---|---|---|
| PAN-OS 12.1 | Listed vulnerable trains below 12.1.4-h6 or 12.1.7 | Upgrade to 12.1.4-h6, 12.1.7 or later | Test the newest maintenance train first where policy allows |
| PAN-OS 11.2 | Builds below 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 or 11.2.12 | Move to the matching fixed maintenance release | Most teams can stay within the major branch |
| PAN-OS 11.1 | Builds below 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 or 11.1.15 | Move to the matching fixed build | Older branches need support-policy checks |
| PAN-OS 10.2 | Builds below 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 or 10.2.18-h6 | Move to the matching fixed build | Frozen environments need a formal exception plan |
| Prisma Access | 11.2.0 below 11.2.7-h13, and 10.2.0 below 10.2.10-h36 | Confirm movement to the fixed service version | Cloud status needs vendor and tenant confirmation |
| Panorama and Cloud NGFW | Vendor lists them as unaffected | No product update for this flaw | Keep them separate from gateway inventory |
The temporary controls are narrower than many change boards like. Disable authentication override cookies, or issue a certificate used only for the cookie feature. Either move breaks the condition attackers need. The safer choice is still the fixed builds, because mitigations require configuration proof, not a ticket note.
Edge Appliances Keep Getting First Contact
GlobalProtect sits in the same class of internet-facing appliances that CISA has been warning about for years. Under its BOD 23-02 management-interface directive, the agency ordered federal civilian agencies to remove covered management interfaces from the public internet or place access control in front of the interface within 14 days of discovery. The covered device classes include firewalls, VPN concentrators, proxies, routers, switches and load balancers.
The directive addresses management interfaces, while CVE-2026-0257 hits a user access path. The shared problem is the device class: security appliances sit where scanners can find them, where normal endpoint agents may not run, and where a successful login starts closer to internal systems than a compromised laptop usually does.
VulnCheck, a vulnerability intelligence company, found in its network edge exploitation report that 181 known exploited vulnerabilities in 2025 involved network edge devices, and 42.5 percent affected products that were end of life or likely end of life. This Palo Alto case differs because patches exist. The broader pattern remains visible: attackers keep aiming at boxes that broker trust for everyone else.
The Hunt Starts in Authentication Logs
For defenders, the immediate work has two tracks: install the software fix, then prove the exposed path was not used before the fix landed. Rapid7 said its first wave came from Vultr, a cloud hosting provider, and a second wave came from Dromatics Systems, another hosting provider named in the firm’s analysis. In the second wave, the firm saw VPN IP assignment after cookie authentication.
- Search GlobalProtect logs for cookie or authentication override logins to local administrator accounts.
- Flag generic host names such as GP-CLIENT or DESKTOP-GP01 when they appear with unfamiliar source addresses.
- Review authentications from cloud hosting providers that do not match normal employee access patterns.
- Check whether authentication override was enabled on portals or gateways before the update.
- Confirm that the cookie certificate was not reused by HTTPS or another exposed service.
- Look for VPN IP assignment after cookie login, even if endpoint telemetry stays quiet.
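As an added illustration of the hunt list above (not Rapid7's or Palo Alto's tooling), the following Python runs those rules over constructed, simplified log lines; the record layout, the local admin set and the hosting-provider range are assumptions, not PAN-OS's real log format.

```python
import ipaddress
import re

# Constructed, simplified GlobalProtect-style records (not PAN-OS's real field
# layout): timestamp, user, auth method, client hostname, source IP, VPN IP.
SAMPLE_LOG = """\
2026-05-18T03:12:07Z user=admin auth=cookie host=GP-CLIENT src=203.0.113.45 vpn_ip=10.20.0.17
2026-05-18T08:01:44Z user=jsmith auth=saml host=JSMITH-LAPTOP src=198.51.100.8 vpn_ip=10.20.0.21
2026-05-18T09:30:10Z user=admin auth=cookie host=DESKTOP-GP01 src=203.0.113.90 vpn_ip=-
2026-05-18T11:15:02Z user=mlee auth=cookie host=MLEE-MBP src=192.0.2.77 vpn_ip=10.20.0.33
"""

# Assumed inputs for the scenario: the local admin accounts on the appliance and
# a placeholder hosting-provider range the analyst has already mapped.
LOCAL_ADMINS = {"admin"}
HOSTING_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3 placeholder
GENERIC_HOSTS = re.compile(r"^(GP-CLIENT|DESKTOP-GP\d+)$", re.I)

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) auth=(?P<auth>\S+) host=(?P<host>\S+) "
    r"src=(?P<src>\S+) vpn_ip=(?P<vpn_ip>\S+)"
)


def triage(log_text):
    """Return one finding per cookie (authentication override) login that trips a hunt rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["auth"].lower() != "cookie":
            continue  # only cookie logins are in scope for this flaw
        reasons = []
        if m["user"] in LOCAL_ADMINS:
            reasons.append("cookie login to local admin account")
        if GENERIC_HOSTS.match(m["host"]):
            reasons.append("generic client hostname")
        if any(ipaddress.ip_address(m["src"]) in net for net in HOSTING_RANGES):
            reasons.append("source in hosting-provider range")
        # A forged cookie that also received a VPN address is more than a probe.
        if reasons and m["vpn_ip"] != "-":
            reasons.append("VPN IP assigned after cookie login")
        if reasons:
            findings.append({"ts": m["ts"], "user": m["user"],
                             "src": m["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["user"], f["src"], "; ".join(f["reasons"]))
```

On the sample data the first record trips all four rules, the third is an accepted probe with no VPN address, and the routine cookie login from a normal employee host is left alone.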
The awkward part is that compromise may show up as successful authentication. Rapid7 said it did not observe successful lateral movement from the devices it investigated, but the firm also reported accepted forged-cookie probes without full VPN sessions in 8 out of 10 impacted MDR customers. A session that stops short of internal movement can still show an attacker learned enough to pass the gate.
Federal Deadline Changes the Risk Conversation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA, the federal agency that coordinates civilian cyber defense) added the flaw to the Known Exploited Vulnerabilities catalog on May 29, according to Rapid7’s update and the NVD reference link to CISA. The specific CISA catalog entry gives covered agencies until June 1 to apply vendor mitigations, follow cloud-service guidance or discontinue use if mitigations are unavailable.
That deadline is legally aimed at Federal Civilian Executive Branch (FCEB, civilian agencies covered by CISA directives) agencies under Binding Operational Directive 22-01. Private operators are not bound by the federal clock, yet the catalog often acts as a prioritization signal outside government because it means exploitation has moved from theory into observed use.
The business question has also changed. Security leaders now need to know which gateways had authentication override enabled, whether certificates were reused, who logged in with cookie authentication, and whether any accepted session touched internal resources. A clean patch report without those answers leaves too much history blank.
If logs show only rejected probes, the emergency may end with the upgrade. If accepted cookie logins came from unfamiliar hosts, the fix starts a breach investigation.