Skip to content

Palo Alto Auth Bypass in GlobalProtect Under Active Exploitation

The bottom line: A PAN-OS GlobalProtect authentication vulnerability is currently being actively exploited in two attack waves and requires immediate patching.

An authentication bypass vulnerability in Palo Alto’s GlobalProtect VPN has been actively exploited since mid-May. Attackers have deployed the vulnerability across two documented exploit waves, necessitating immediate patching.

The authentication bypass vulnerability in PAN-OS GlobalProtect VPN is affected, which can be exploited under certain conditions. Since mid-May, attackers have conducted two documented exploit waves targeting this vulnerability.

For security leaders, this vulnerability presents an immediate risk: GlobalProtect is frequently the primary remote access vector in enterprise networks. An authentication bypass allows unauthorized individuals to gain direct access to the internal network without presenting valid credentials. This circumvents multi-factor authentication and conditional access policies.

CISOs should immediately review access to GlobalProtect, identify affected PAN-OS versions, and apply available security updates. The active exploitation underscores that this vulnerability is already being weaponized by organized attackers and should not be considered merely theoretical.


Source: www.darkreading.com · Published 1 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.2.8.

Share on: