News Analysis

GlobalProtect Cookie Bypass Makes VPN Edge Hygiene Urgent

Palo Alto Networks updated CVE-2026-0257 after limited exploit attempts against unpatched GlobalProtect deployments. The practical response is configuration review, fixed PAN-OS versions, and VPN-edge incident triage.

By Protocol Report Editorial | Updated May 31, 2026

Short Version

Palo Alto Networks updated CVE-2026-0257 on May 29, 2026 with exploit maturity marked as attacked and said it had become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations. CISA added the issue to the Known Exploited Vulnerabilities catalog the same day, and NVD records a June 1, 2026 due date for federal civilian agencies to apply vendor mitigations or discontinue use if mitigations are unavailable.

The bug does not affect every GlobalProtect deployment, but it is serious for exposed deployments that match the required configuration. Palo Alto says the issue affects GlobalProtect portal or gateway configurations when authentication override cookies are enabled and a specific certificate configuration exists. The useful response is not a generic VPN panic. It is a fast inventory of affected versions, cookie-override settings, certificate reuse, patch status, and signs that a VPN session was established without the normal authentication path.

Key Takeaways

  • CVE-2026-0257 is now treated as exploited, not only theoretical, after Palo Alto and CISA updates on May 29, 2026.
  • Exposure depends on GlobalProtect portal or gateway use with authentication override cookies enabled and vulnerable certificate handling.
  • Fixed PAN-OS releases are available across supported 10.2, 11.1, 11.2, and 12.1 branches, with Prisma Access upgrades handled through the service schedule.
  • Palo Alto says upgraded systems regenerate affected authentication override cookies, so users may need one reauthentication event after the upgrade.
  • Incident review should focus on VPN sessions, authentication logs, certificate configuration, source networks, and any access granted after unauthorized tunnel establishment.

What Changed On May 29

The original Palo Alto Networks advisory for CVE-2026-0257 was published on May 13, 2026. The important change for operators came on May 29, when the advisory showed exploit maturity as attacked and added that limited exploit attempts had been observed against unpatched PAN-OS devices without mitigations. NVD also records the same date for CISA KEV enrichment.

CISA's KEV listing changes the operational priority. Federal civilian agencies have a binding timeline, but the catalog also acts as a signal to private organizations: exploitation has moved past proof-of-concept discussion and into observed attack activity. Rapid7 separately reported observed exploitation and validated a successful proof of concept, which gives defenders another reason to treat edge exposure as urgent.

The vulnerability allows an attacker to bypass security restrictions and establish an unauthorized VPN connection through the GlobalProtect portal or gateway. That phrasing matters. The issue is not described as direct remote code execution on the firewall, but a VPN tunnel can still be a high-impact starting point because it may place the attacker on routes normally reserved for authenticated users.

The Required Exposure Is Specific

Palo Alto's advisory says the issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists. In practical terms, teams need to check both feature use and certificate handling. A deployment that does not use GlobalProtect, does not enable the relevant cookie options, or has already applied fixed releases has a different risk profile than an unpatched internet-facing portal with cookie override enabled.

Authentication override cookies are a convenience and usability feature. They can reduce repeated authentication prompts after a successful login. That convenience becomes sensitive when cookie integrity and certificate boundaries are part of the trust decision. If a cookie can be accepted without the right validation guarantees, the VPN edge can mistake an unauthorized client for a previously authenticated one.

This is why the immediate question is not only what PAN-OS version is installed. It is also whether the portal generates authentication override cookies, whether the gateway accepts them, which certificate signs or encrypts that material, and whether that certificate is reused for other features. Certificate reuse is often treated as operational tidiness. At a VPN edge, it can turn into a trust-boundary problem.
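The configuration review described above, as an added example that is not part of the original article or of any Palo Alto tooling: a Python audit of an XML configuration export that reports, per portal or gateway, whether override cookies are generated or accepted, which certificate protects them, and every other place that certificate name is referenced. It assumes the settings appear as an `authentication-override` element with `generate-cookie`, `accept-cookie` and `cookie-encrypt-decrypt-cert` children (names chosen to match the settings the advisory describes; verify them against your own export), and the sample configuration is constructed. The reuse check is structural, so it works regardless of where else in the tree the certificate is referenced.

```python
import xml.etree.ElementTree as ET

# Constructed sample export (not a real PAN-OS config): one portal whose
# cookie certificate is shared with a TLS service profile, one gateway with
# a certificate used for nothing else.
SAMPLE_CONFIG = """<config>
  <shared>
    <ssl-tls-service-profile>
      <entry name="portal-tls">
        <certificate>gp-portal-cert</certificate>
      </entry>
    </ssl-tls-service-profile>
  </shared>
  <global-protect-portal>
    <entry name="corp-portal">
      <authentication-override>
        <generate-cookie>yes</generate-cookie>
        <accept-cookie>yes</accept-cookie>
        <cookie-encrypt-decrypt-cert>gp-portal-cert</cookie-encrypt-decrypt-cert>
      </authentication-override>
    </entry>
  </global-protect-portal>
  <global-protect-gateway>
    <entry name="corp-gw">
      <authentication-override>
        <generate-cookie>no</generate-cookie>
        <accept-cookie>yes</accept-cookie>
        <cookie-encrypt-decrypt-cert>gp-cookie-only</cookie-encrypt-decrypt-cert>
      </authentication-override>
    </entry>
  </global-protect-gateway>
</config>"""


def _enabled(elem):
    """An option counts as enabled when the element exists and is not
    literally 'no'; exports may carry child settings instead of yes/no."""
    return elem is not None and (elem.text or "").strip().lower() != "no"


def _entry_name(elem, parents):
    """Name of the nearest enclosing <entry>, for readable findings."""
    node = parents.get(elem)
    while node is not None:
        if node.tag == "entry":
            return node.get("name", "?")
        node = parents.get(node)
    return "?"


def audit_override_cookies(config_xml):
    """One finding per portal/gateway that carries authentication override
    settings (assumed element names: authentication-override,
    generate-cookie, accept-cookie, cookie-encrypt-decrypt-cert)."""
    root = ET.fromstring(config_xml)
    parents = {child: parent for parent in root.iter() for child in parent}

    # Index every text value outside the cookie-certificate setting itself,
    # so certificate reuse is detected wherever in the tree it happens.
    refs = {}
    for elem in root.iter():
        text = (elem.text or "").strip()
        if text and elem.tag != "cookie-encrypt-decrypt-cert":
            refs.setdefault(text, []).append(
                f"{elem.tag}@{_entry_name(elem, parents)}")

    findings = []
    for ao in root.iter("authentication-override"):
        entry = parents[ao]
        cert_elem = ao.find("cookie-encrypt-decrypt-cert")
        cert = (cert_elem.text or "").strip() if cert_elem is not None else ""
        findings.append({
            "feature": parents[entry].tag,
            "name": entry.get("name"),
            "override_enabled": _enabled(ao.find("generate-cookie"))
                                or _enabled(ao.find("accept-cookie")),
            "cookie_cert": cert,
            "cert_reused_by": refs.get(cert, []),
        })
    return findings


def mitigation_gaps(findings):
    """Portals/gateways with override cookies enabled whose certificate is
    shared with another feature: candidates for a dedicated certificate
    or for disabling override, on top of the upgrade."""
    return [f"{f['feature']}/{f['name']}" for f in findings
            if f["override_enabled"] and f["cert_reused_by"]]


if __name__ == "__main__":
    results = audit_override_cookies(SAMPLE_CONFIG)
    for finding in results:
        print(finding)
    print("mitigation gaps:", mitigation_gaps(results))
```

On the constructed sample the portal is reported with `cert_reused_by == ["certificate@portal-tls"]` and lands in the mitigation-gap list, while the gateway, whose certificate appears nowhere else, does not. Override being enabled at all is what decides patch priority; the shared certificate is what decides whether the dedicated-certificate mitigation applies.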

Patch Behavior Affects Users

Palo Alto lists fixed releases across PAN-OS 10.2, 11.1, 11.2, and 12.1, including multiple hotfix paths for organizations pinned to different maintenance trains. The advisory also says Cloud NGFW is not affected, and that Prisma Access customers are being upgraded according to the service upgrade schedule shared with customers.

One operational detail deserves advance communication. Palo Alto says the fix regenerates authentication override cookies using a more secure method when the feature is configured. Users with a valid cookie may therefore need to reauthenticate once after the upgrade. That is a small disruption compared with an exposed VPN edge, but it can produce helpdesk noise if employees and service owners are not warned.

If an organization cannot patch immediately, Palo Alto lists two mitigation directions: use a dedicated certificate exclusively for authentication override cookies, or disable authentication override by unchecking the relevant generate and accept options in the portal and gateway configuration. Those mitigations are not a reason to defer patching indefinitely. They are a way to reduce immediate exposure while the upgrade path is scheduled and tested.

Treat Unauthorized VPN As A Possible Intrusion

A successful bypass does not automatically prove domain compromise, data theft, or malware deployment. It does mean the attacker may have crossed a control that most organizations rely on to separate the public internet from internal services. That is enough to trigger incident triage, especially for gateways that route to administration consoles, file shares, identity systems, source repositories, monitoring tools, or production control planes.

Start with the VPN layer. Review GlobalProtect portal and gateway logs around the exposure window, looking for sessions that do not line up with normal authentication events, source networks that do not match the user population, odd hostnames, unusual operating systems, short bursts of access, or repeated failed and successful attempts around the same time. Rapid7's reporting can help shape hypotheses, but each environment has to validate against its own telemetry.

Then move inward. Check whether any suspicious VPN session touched internal web apps, identity providers, RDP or SSH targets, code repositories, CI/CD systems, secrets stores, cloud consoles, or backup interfaces. If the VPN account mapping is weak or logs are incomplete, assume the edge event may have created lateral visibility and scope accordingly.
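One way to turn the VPN-layer review above into a repeatable first pass, as an added example that is not from the article, Palo Alto, or Rapid7: the script below runs three of the checks named in the text (tunnel with no preceding authentication event, source outside the expected user population, same user tunnelling from two sources close together) over a constructed log sample. The CSV shape, event names and expected networks are stand-ins; map them to the real GlobalProtect log export and to a baseline derived from historical telemetry. One caveat the code states as well: a session resumed with a valid override cookie also has no fresh authentication event right before it, so the lookback window should cover the configured cookie lifetime, and the output is a triage queue rather than a verdict.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in a simplified CSV shape; real GlobalProtect exports
# carry more fields and different event names, so map them before use.
SAMPLE_LOG = """time,event,user,source_ip,auth_method,status
2026-05-30T08:01:10,portal-auth,alice,203.0.113.10,SAML,success
2026-05-30T08:01:14,gateway-auth,alice,203.0.113.10,SAML,success
2026-05-30T08:01:15,gateway-connected,alice,203.0.113.10,,success
2026-05-30T09:42:03,gateway-connected,bob,198.51.100.77,,success
2026-05-30T11:15:40,portal-auth,carol,203.0.113.55,SAML,success
2026-05-30T11:15:45,gateway-connected,carol,203.0.113.55,,success
2026-05-30T11:16:02,gateway-connected,carol,192.0.2.9,,success
"""

# Constructed baseline of where this user population normally connects from;
# in practice derive it from historical VPN telemetry.
EXPECTED_NETWORKS = ["203.0.113.0/24"]

AUTH_EVENTS = {"portal-auth", "gateway-auth"}   # assumed event names
TUNNEL_EVENT = "gateway-connected"              # assumed event name


def triage(log_text, expected_networks, lookback=timedelta(hours=24),
           concurrency_window=timedelta(minutes=10)):
    """Return (time, user, source_ip, reasons) for every tunnel that deserves
    a closer look. Lookback should be at least the configured cookie
    lifetime: a legitimate cookie-based reconnect also has no fresh
    authentication event right before it."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    for row in rows:
        row["ts"] = datetime.fromisoformat(row["time"])
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    auths = [r for r in rows
             if r["event"] in AUTH_EVENTS and r["status"] == "success"]
    tunnels = [r for r in rows if r["event"] == TUNNEL_EVENT]

    findings = []
    for t in tunnels:
        reasons = []
        # 1. Tunnel with no successful authentication for that user in the lookback.
        if not any(a["user"] == t["user"]
                   and t["ts"] - lookback <= a["ts"] <= t["ts"]
                   for a in auths):
            reasons.append("no preceding authentication event")
        # 2. Source address outside the expected user population.
        ip = ipaddress.ip_address(t["source_ip"])
        if not any(ip in n for n in nets):
            reasons.append("source outside expected networks")
        # 3. Same user with a second tunnel from a different source close in time.
        if any(o["user"] == t["user"] and o["source_ip"] != t["source_ip"]
               and abs(o["ts"] - t["ts"]) <= concurrency_window
               for o in tunnels):
            reasons.append("concurrent tunnel from a different source")
        if reasons:
            findings.append((t["time"], t["user"], t["source_ip"], reasons))
    return findings


if __name__ == "__main__":
    for when, user, src, reasons in triage(SAMPLE_LOG, EXPECTED_NETWORKS):
        print(f"{when} {user:<6} {src:<15} {'; '.join(reasons)}")
```

On the sample, alice's tunnel is clean, bob's tunnel has no authentication at all and comes from outside the baseline, and carol's two tunnels within seventeen seconds from different networks are flagged against each other. Each flagged row is the starting point for the inward checks (internal web apps, identity providers, RDP or SSH targets, repositories, secrets stores), not a conclusion on its own.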

Certificate Hygiene Is Part Of VPN Security

Security teams often classify VPN hardening as MFA, geofencing, device posture, split-tunnel rules, and patching. CVE-2026-0257 adds a quieter control to that list: which certificates are allowed to protect which trust artifacts. A certificate used for one feature should not casually become the proof material for another feature if that reuse weakens validation or increases blast radius.

Dedicated certificate material for authentication override cookies is a clean boundary. It gives administrators a way to rotate or retire the cookie trust material without disturbing unrelated portal or gateway functions. It also makes configuration review easier because the certificate's purpose is explicit rather than inferred from reuse across several settings.

This is a useful lesson beyond one vendor. Session continuation features are common across VPNs, browsers, identity providers, and enterprise collaboration tools. They reduce friction after login, but they also create artifacts that may outlive the original authentication event. Those artifacts need integrity checks, short enough lifetimes, isolated signing or encryption keys, and emergency revocation paths.
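The four properties listed above (integrity checks, bounded lifetime, isolated signing keys, emergency revocation) applied to a minimal session-continuation token, as an added illustration of the design rather than a description of how GlobalProtect implements its cookies; it also shows the dedicated-key boundary argued for under certificate hygiene, since the key here exists for this one purpose and can be rotated or retired without touching anything else. Everything in it is constructed: HMAC-SHA256 with a random 32-byte key stands in for whatever signing or encryption a real product uses, and the claim names (`sub`, `iat`, `exp`, `jti`, `kid`) are illustrative.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def encode_body(payload):
    """Canonical JSON, URL-safe base64 without padding (the signed part)."""
    raw = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_body(body):
    """Inverse of encode_body; the result is UNVERIFIED until the MAC passes."""
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    return json.loads(raw)


class SessionTokenService:
    """Issues and verifies session-continuation tokens with: integrity
    (HMAC-SHA256 checked in constant time), bounded lifetime (exp), isolated
    keys (generated here, used for nothing else, addressed by key id) and
    revocation (per token, or per key as the emergency path)."""

    def __init__(self, lifetime_s=3600):
        self.lifetime_s = lifetime_s
        self.keys = {}            # kid -> 32-byte key dedicated to this purpose
        self.active_kid = None
        self.revoked_jti = set()  # individual tokens pulled before expiry
        self.rotate_key()

    def rotate_key(self):
        """New tokens use the new key; older keys stay valid until retired."""
        kid = secrets.token_hex(4)
        self.keys[kid] = secrets.token_bytes(32)
        self.active_kid = kid
        return kid

    def retire_key(self, kid):
        """Emergency path: every token issued under kid stops verifying."""
        self.keys.pop(kid, None)

    def _sign(self, kid, body):
        mac = hmac.new(self.keys[kid], body.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

    def issue(self, user, now=None):
        now = int(time.time() if now is None else now)
        payload = {"sub": user, "iat": now, "exp": now + self.lifetime_s,
                   "jti": secrets.token_hex(8), "kid": self.active_kid}
        body = encode_body(payload)
        return f"{body}.{self._sign(self.active_kid, body)}"

    def verify(self, token, now=None):
        """Return (user, None) on success or (None, reason) on failure.
        Only the key id is read before the signature is checked; every other
        claim is trusted only after the MAC matches."""
        now = int(time.time() if now is None else now)
        try:
            body, sig = token.split(".")
            payload = decode_body(body)
        except ValueError:
            return None, "malformed"
        if not isinstance(payload, dict):
            return None, "malformed"
        kid = payload.get("kid")
        if not isinstance(kid, str) or kid not in self.keys:
            return None, "unknown or retired key"
        if not hmac.compare_digest(self._sign(kid, body), sig):
            return None, "bad signature"
        if now >= payload.get("exp", 0):
            return None, "expired"
        if payload.get("jti") in self.revoked_jti:
            return None, "revoked"
        return payload.get("sub"), None

    def revoke(self, token, now=None):
        """Revoke one token; only a token that still verifies is recorded."""
        user, _reason = self.verify(token, now)
        if user is None:
            return False
        self.revoked_jti.add(decode_body(token.split(".")[0])["jti"])
        return True


if __name__ == "__main__":
    svc = SessionTokenService(lifetime_s=600)
    tok = svc.issue("alice")
    print("fresh:", svc.verify(tok))
    svc.revoke(tok)
    print("after revoke:", svc.verify(tok))
```

The order of checks in `verify` is the point worth copying: a forged body fails on the signature before any claim in it is believed, an expired or revoked token fails even with a valid signature, and retiring a key invalidates every token it ever signed in one step, which is the same effect the advisory describes when the fix regenerates cookies under a new method and forces one reauthentication.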

What Remains Unknown

Public sources do not identify every victim, every source address, or the full post-access behavior of attackers. Palo Alto describes limited exploit attempts, and Rapid7 describes observed exploitation, but those public reports are not a complete incident map for every exposed GlobalProtect deployment. A clean news report is not proof that an individual environment was untouched.

The safest assumption is that internet-facing GlobalProtect systems matching the vulnerable configuration deserve both remediation and retrospective review. Teams should avoid two common mistakes: treating a patch as evidence that no attacker entered before the patch, and treating the lack of endpoint alerts as evidence that no unauthorized VPN session happened. Edge devices can grant access before endpoint tools see anything.

Checklist

  • Inventory every PAN-OS and Prisma Access GlobalProtect portal or gateway and record version, exposure, and owner.
  • Check whether authentication override cookies are generated or accepted on portals and gateways.
  • Identify whether authentication override cookie certificates are dedicated or reused with other features.
  • Upgrade to a fixed PAN-OS release, or apply Palo Alto's mitigation guidance while the upgrade is scheduled.
  • Review VPN and downstream access logs for suspicious sessions before and after May 29, 2026.
  • Warn users that one post-upgrade reauthentication may be expected where authentication override cookies are configured.
