Active Exploitation of CVE-2026-0257: GlobalProtect VPN Authentication Bypass Threatens Enterprise Networks
Palo Alto Networks confirms active exploitation of CVE-2026-0257 in GlobalProtect VPN. Attackers exploit shared certificates between HTTPS and authentication override to forge cookies, impersonating admins. CISA added to KEV. Urgent upgrade or dedicated cookie encryption certificate recommended.