Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
Quick answer
Palo Alto Networks PAN-OS should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- 10.2.7
- 10.2.8
- 10.2.9
- 10.2.10
- 10.2.11
- 10.2.12
- 10.2.13
- 10.2.14
- 10.2.15
- 10.2.16
- 10.2.17
- 10.2.18
- 11.1.0
- 11.1.1
- 11.1.2
- 11.1.3
- 11.1.4
- 11.1.5
- 11.1.6
- 11.1.7
- 11.1.8
- 11.1.9
- 11.1.10
- 11.1.11
- 11.1.12
- 11.1.13
- 11.1.14
- 11.2.0
- 11.2.1
- 11.2.2
- 11.2.3
- 11.2.4
- 11.2.5
- 11.2.6
- 11.2.7
- 11.2.8
- 11.2.9
- 11.2.10
- 11.2.11
- 12.1.2
- 12.1.3
- 12.1.4
- 12.1.5
- 12.1.6
- -
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Upgrade PAN-OS to the fixed release from Palo Alto Networks and reduce exposure of management and VPN surfaces. For security appliances, patching should be paired with log review, MFA enforcement, and temporary network restrictions if the fixed build cannot be installed immediately.
- Inventory every Palo Alto Networks firewall, Panorama instance, and PAN-OS version in the environment.
- Upgrade affected appliances to the fixed PAN-OS release identified in the Palo Alto Networks advisory.
- Restrict management interfaces, GlobalProtect portals, and gateways to trusted networks wherever possible.
- Enforce MFA, certificate-based access, and least-privilege administrator accounts for remote access and management.
- Apply vendor mitigations or disable the affected feature until the fixed PAN-OS release is deployed.
- Review system, threat, GlobalProtect, authentication, and configuration logs for anomalous access attempts.
- Rotate administrator credentials, API keys, and VPN credentials if unauthorized access is suspected.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm every affected appliance reports a fixed PAN-OS version after upgrade.
- Validate management and VPN exposure from external networks is limited to approved paths only.
- Review Palo Alto logs for exploit attempts, unexpected admin sessions, or configuration changes.
- Test legitimate VPN and policy workflows after upgrade and mitigation changes.
- Run a Fixnx scan and confirm public exposure does not include unprotected management surfaces.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-0257?
Palo Alto Networks PAN-OS versions listed as affected should be reviewed: 10.2.7, 10.2.8, 10.2.9, 10.2.10, 10.2.11, 10.2.12, 10.2.13, 10.2.14, 10.2.15, 10.2.16, 10.2.17, 10.2.18, 11.1.0, 11.1.1, 11.1.2, 11.1.3, 11.1.4, 11.1.5, 11.1.6, 11.1.7, 11.1.8, 11.1.9, 11.1.10, 11.1.11, 11.1.12, 11.1.13, 11.1.14, 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 11.2.5, 11.2.6, 11.2.7, 11.2.8, 11.2.9, 11.2.10, 11.2.11, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, -.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
