Palo Alto VPN bug graduates from advisory to active exploitation

CVE-2026-0256 allows attackers to bypass GlobalProtect authentication and gain unauthorized VPN access. The flaw affects PAN-OS deployments with authentication override cookies under specific configurations. Palo Alto initially rated it medium-severity on May 13 and said it had not seen malicious exploitation. Rapid7 researchers reported active exploitation of the vulnerability. Customers are now advised to patch the flaw to prevent unauthorized access. The vulnerability impacts internet-facing PAN-OS systems using GlobalProtect authentication override cookies.