Arctic Wolf identified a significant increase in exploitation attempts targeting CVE-2026-0257, a Palo Alto Networks GlobalProtect authentication bypass vulnerability, beginning in late May 2026. The campaign intensified following public release of working exploit code and technical documentation. Successful attacks require specific configuration exposure of GlobalProtect portals or gateways combined with authentication override cookie manipulation, and exploitation activity remains ongoing.

Why it matters in Western Canada: Many Western Canadian government agencies, post-secondary institutions, and enterprise organizations rely on Palo Alto Networks for VPN and network security. This active exploitation campaign targeting exposed GlobalProtect deployments poses immediate risk to organizations with internet-facing VPN infrastructure.

CVEs: CVE-2026-0257

---

Summary generated from the original advisory. Read the full source: arctic-wolf