PAN-OS Bypass Exposes Firewalls to Rapid Root Access
Attack traffic slips past GlobalProtect portals on shared interfaces, letting unauthenticated sessions reach the User-ID service and management plane in under ninety seconds. The initial flaw, CVE-2026-0257, opens the path. Once inside, operators chain it to CVE-2026-0300 buffer overflows that deliver root shells without tripping current signatures.
Palo Alto Networks observed the traffic over multiple weeks; the same packets bypass both signature and behavioral detection when the portal shares the VPN interface.
Separate disclosures name CVE-2026-0265 and CVE-2024-0012, yet none identify which combinations were actually seen in the field.
The exposure persists wherever the portal listens alongside termination endpoints. Organizations that keep User-ID enabled on those interfaces carry the same reachable surface the campaigns already traversed.
Source: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html