4.7

CVE-2026-0257

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.

Panorama and Cloud NGFW are not impacted by these issues.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPalo Alto Networks
Produkt Cloud NGFW
Default Statusunaffected
Version All
Status unaffected
HerstellerPalo Alto Networks
Produkt PAN-OS
Default Statusunaffected
Version 12.1.0
Version < 12.1.7, 12.1.4-h6
Status affected
Version 11.2.0
Version < 11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17
Status affected
Version 11.1.0
Version < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
Status affected
Version 10.2.0
Version < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
Status affected
HerstellerPalo Alto Networks
Produkt Prisma Access
Default Statusunaffected
Version 10.2.0
Version < 10.2.10-h36
Status affected
Version 11.2.0
Version < 11.2.7-h13
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.171
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@paloaltonetworks.com 4.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.