Palo Alto Networks, Rapid7, Arctic Wolf Identify Active Exploitation of PAN-OS Vulnerability
AI-generated from multiple sources. Verify before acting on this reporting.
SAN FRANCISCO (AP) — A medium-severity authentication bypass vulnerability in Palo Alto Networks' PAN-OS devices is being actively exploited by threat actors to establish unauthorized VPN connections and gain access to internal networks, security firms Palo Alto Networks, Rapid7, and Arctic Wolf confirmed Friday.
The vulnerability, designated CVE-2026-0257, allows attackers to bypass authentication mechanisms on affected PAN-OS devices. The flaw is currently being leveraged globally to expose internal network infrastructure. Palo Alto Networks, Rapid7, and Arctic Wolf issued alerts regarding the active exploitation on May 30, 2026.
The vulnerability affects PAN-OS devices worldwide. Organizations relying on Palo Alto Networks firewalls and network security appliances are at risk of unauthorized access. The authentication bypass enables threat actors to establish VPN connections without valid credentials, potentially exposing sensitive internal systems and data.
Palo Alto Networks has acknowledged the issue and is working on a patch. Rapid7 and Arctic Wolf have identified the exploitation in the wild. The medium-severity rating indicates that while the vulnerability is exploitable, it may require specific conditions or have mitigating factors. However, the active exploitation underscores the immediate risk to affected organizations.
Security experts recommend that organizations immediately assess their PAN-OS devices for the vulnerability and apply available patches or workarounds. Until a fix is deployed, administrators should monitor for unauthorized VPN connections and network anomalies. The global nature of the threat means that organizations across all sectors and regions could be targeted.
The vulnerability was discovered and disclosed by Palo Alto Networks, Rapid7, and Arctic Wolf. The firms are collaborating to provide guidance and support to affected customers. The active exploitation suggests that threat actors are scanning for vulnerable devices and attempting to exploit the flaw.
Organizations are advised to review their network security configurations and ensure that all PAN-OS devices are updated to the latest version. The vulnerability highlights the ongoing need for robust security measures and timely patching to protect against emerging threats. As the situation develops, further updates on the scope of the exploitation and the availability of patches are expected.
The active exploitation of CVE-2026-0257 represents a significant security concern for organizations using Palo Alto Networks devices. The collaboration between Palo Alto Networks, Rapid7, and Arctic Wolf underscores the importance of industry cooperation in addressing critical vulnerabilities. As the investigation continues, organizations should remain vigilant and take immediate action to mitigate the risk.