Active scanning campaigns have increased significantly, targeting a critical verification flaw inside core network edge components to establish unverified remote visibility. The vulnerability allows remote unauthenticated actors to bypass standard gateway filters and spawn unauthorized network connection sessions.
Tracked as CVE-2026-0257, the flaw impacts the GlobalProtect portal and gateway modules of PAN-OS software deployed by @[Palo Alto Networks]. The bug involves a logic error within authentication override cookie processing mechanisms. By submitting malformed request parameters to an exposed portal gateway, an attacker can trick the validation engine into verifying the session, gaining an active network connection without presenting valid authentication credentials.
Subverting a primary remote access proxy allows threat actors to compromise the entire corporate perimeter. Once an unauthenticated adversary establishes a persistent virtual network connection, they can route traffic deeper into internal container environments, map network resources, and perform lateral translation maneuvers while evading traditional boundary alarms.
– Apply the emergency software upgrades and maintenance patches issued by the product manufacturer to all firewalls immediately.
– Review edge firewall configurations to identify and restrict GlobalProtect portals operating with unpatched cookie validation methods.
– Scan perimeter transaction histories for unusual session token creation events or unexpected connection triggers coming from unverified nodes.
– Enforce strict identity verification rules, requiring multi-factor check steps that remain independent of automated session cookies.
Edge architecture security relies on instant software modification to ensure central routing platforms are protected from automated authentication override maneuvers. #CodeDefence #PaloAltoNetworks #GlobalProtect #PANOS #VPN #AuthBypass
/
