
GlobalProtect Auth Bypass: Your VPN Perimeter Just Broke

Gabriel Ferraresi · CEO | Tech86 · May 31, 2026 · 4 min

Tags: vpn, globalprotect, palo alto, authentication bypass, zero-trust

Someone entered your VPN without credentials. No password, no second factor — just a forged authentication cookie that the VPN accepted. CVE-2026-0257 in Palo Alto's PAN-OS GlobalProtect does exactly that: authentication bypass with CVSS 9.1, CISA KEV with a June 1 deadline, and active exploitation since May 17. At Tech86, we see this for what it is — when your VPN accepts forged cookies, the perimeter is not protecting you.

The bug: authentication override cookies became an open door

GlobalProtect supports authentication override cookies — a reauthentication mechanism that lets users reconnect without a new login when the cookie is valid. In theory, convenience. In practice, the entry vector.

The vulnerability allows an unauthenticated attacker to forge the cookie and establish a direct VPN connection to the internal network. No credentials. No MFA. No user interaction. The attacker walks through the VPN as a legitimate employee — the perimeter is completely bypassed.

The vulnerable configuration is specific but not rare: Cloud Auth disabled + auth override cookies enabled + cookie encryption certificate shared with HTTPS. When all three are present, the appliance accepts the forged cookie. If your environment matches this profile, patching is urgent.

The exploitation: real data from Rapid7 MDR

This is not theory. Rapid7 MDR detected the first wave of exploitation on May 18, in a client environment on Vultr. The compromised device hostname: "GP-CLIENT". Spoofed MAC address: aa:bb:cc:dd:ee:ff. Three days later, on May 21, a second wave hit another client, on Dromatics. Hostname: "DESKTOP-GP01". Same MAC — same actor.

The numbers are revealing: in 8 out of 10 analyzed clients, the forged cookie was accepted without even assigning a VPN IP. In 2 out of 10, the attacker gained complete access to the internal network. The difference between the two scenarios depends on the specific gateway configuration — but in both, the perimeter was breached.

The exploitation pattern is consistent: the attacker forges the cookie, connects to GlobalProtect, and if the configuration allows it, navigates the internal network as an authenticated employee. No brute force, no phishing, no social engineering. A direct and silent bypass.

The discrepancy: "medium" is not medium

Palo Alto classified the vulnerability as "medium." The argument: it requires a specific configuration. Rapid7 publicly disagreed, and we agree with Rapid7.

An auth bypass in an internet-facing VPN that places attackers inside the internal network is not medium. It is critical. The fact that it depends on a specific configuration does not reduce severity — it reduces the number of targets, but not the impact on those affected. A vendor classifying as "medium" a vulnerability that grants unauthenticated access to the internal network is a communication problem, not a severity problem.

The precedent is recent and severe: CVE-2024-3400, CVSS 10.0, same GlobalProtect surface, exploited by state-sponsored actors within hours. Palo Alto VPN is one of the most targeted appliances on the market. The window between disclosure and active exploitation is measured in hours, not days.

What to do now

The stopgap is clear: disable auth override cookies or generate a dedicated certificate for cookie encryption that is not shared with HTTPS. These mitigations reduce the surface immediately, but they do not replace the patch. PAN-OS must be updated across all branches, no exceptions.

Rapid7 published a PoC script on GitHub. Use it to test your appliances. If the forged cookie is accepted, the appliance is vulnerable — regardless of what the vendor classifies it as.

Monitor logs actively. The documented indicators of compromise are hostnames "GP-CLIENT" and "DESKTOP-GP01" and MAC address aa:bb:cc:dd:ee:ff. If any of these appear in your logs, the internal network has already been accessed. This is not an attempt — it is confirmed compromise.
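A small log scanner for the indicators listed above, added here as an example and not part of the original post or of any Rapid7 tooling. It assumes GlobalProtect gateway events exported as key=value text (a constructed approximation; real PAN-OS log layouts differ, so adjust the field names) and normalises MAC formatting so that `AA:BB:CC:DD:EE:FF`, `aa-bb-cc-dd-ee-ff` and `aabbccddeeff` all match. It also separates the two outcomes the article describes: cookie accepted with no VPN IP assigned, versus a session that received an internal address.

```python
"""Scan GlobalProtect gateway log lines for the documented IoCs.

Added example, not code from the original article. Indicator values come
from the article (hostnames GP-CLIENT / DESKTOP-GP01, MAC aa:bb:cc:dd:ee:ff).
The log format below is a constructed key=value approximation.
"""
import re

IOC_HOSTNAMES = {"GP-CLIENT", "DESKTOP-GP01"}
IOC_MACS = {"aabbccddeeff"}  # normalised: lowercase hex, separators stripped

# Constructed sample lines, not captured logs. Line 1 and 3 carry indicators;
# line 2 is a normal employee session; line 4 is a near-miss (no match).
SAMPLE_LOG = """\
2026-05-18T03:14:07Z gateway=gw-ext1 event=gateway-auth-override user=jdoe hostname=GP-CLIENT mac=AA:BB:CC:DD:EE:FF src=203.0.113.45 status=success vpn_ip=-
2026-05-18T03:14:09Z gateway=gw-ext1 event=gateway-connected user=alice hostname=ALICE-LAPTOP mac=00:11:22:33:44:55 src=198.51.100.10 status=success vpn_ip=10.20.0.14
2026-05-21T11:02:55Z gateway=gw-ext2 event=gateway-auth-override user=svc_backup hostname=DESKTOP-GP01 mac=aa-bb-cc-dd-ee-ff src=203.0.113.77 status=success vpn_ip=10.20.0.31
2026-05-21T11:05:01Z gateway=gw-ext2 event=gateway-connected user=bob hostname=gp-client-test mac=aabbccddeeaa src=198.51.100.20 status=success vpn_ip=10.20.0.32
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_mac(raw):
    """Lowercase and strip every non-hex character: 'AA-BB..' -> 'aabb..'."""
    return re.sub(r"[^0-9a-f]", "", raw.lower())


def parse_line(line):
    """Turn 'k1=v1 k2=v2 ...' into a dict (timestamp has no '=' and is skipped)."""
    return dict(KV_RE.findall(line))


def find_iocs(log_text):
    """Return one hit per line that matches a documented hostname or MAC."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = parse_line(line)
        matched = []
        host = fields.get("hostname", "")
        if host.upper() in IOC_HOSTNAMES:          # exact hostname match
            matched.append(f"hostname:{host}")
        mac = fields.get("mac", "")
        if mac and normalize_mac(mac) in IOC_MACS:  # format-agnostic MAC match
            matched.append(f"mac:{mac}")
        if matched:
            hits.append({
                "line": lineno,
                "timestamp": line.split(" ", 1)[0],
                "gateway": fields.get("gateway"),
                "user": fields.get("user"),
                "src": fields.get("src"),
                "vpn_ip": fields.get("vpn_ip"),
                "indicators": matched,
            })
    return hits


def summarize(hits):
    """Split hits into the two outcomes the article describes:
    forged cookie accepted without a VPN IP, vs. an internal address assigned."""
    out = {"cookie_accepted_no_ip": 0, "internal_access": 0}
    for h in hits:
        if h["vpn_ip"] in (None, "", "-"):
            out["cookie_accepted_no_ip"] += 1
        else:
            out["internal_access"] += 1
    return out


if __name__ == "__main__":
    found = find_iocs(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']} {h['timestamp']} gw={h['gateway']} user={h['user']} "
              f"src={h['src']} vpn_ip={h['vpn_ip']} -> {', '.join(h['indicators'])}")
    print(summarize(found))
```

Feed it your exported gateway logs instead of `SAMPLE_LOG`; any hit with an assigned `vpn_ip` is the "full internal access" case and should trigger incident response rather than a ticket.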

The lesson: VPN is the perimeter

VPN is the perimeter. When it accepts forged cookies, the network is exposed. This vulnerability reinforces what we advocate at Tech86: trust must not be delegated to a single perimeter control. Zero-trust architectures verify identity at every access point, not just at the front door.

If someone enters your VPN without credentials, the perimeter is not protecting you. If the vendor classifies that as "medium," the problem is communication — not severity. We audit perimeters and design zero-trust architectures because the reality of attacks does not wait for vendor classification.


Frequently Asked Questions

It is an authentication bypass vulnerability in Palo Alto's PAN-OS GlobalProtect. An unauthenticated attacker can forge an authentication override cookie and establish a direct VPN connection to the internal network — no credentials, no MFA, no user interaction required.

It is vulnerable if three conditions are present simultaneously: Cloud Auth disabled, auth override cookies enabled, and cookie encryption certificate shared with HTTPS. Check these configurations immediately.

Disable auth override cookies or generate a dedicated certificate for cookie encryption that is not shared with HTTPS. These are temporary mitigations — the patch must be applied as soon as possible.

The vendor's argument is that the vulnerability requires a specific configuration. But an auth bypass in an internet-facing VPN that places attackers inside the network is not medium — it is a communication problem, not a severity problem. Rapid7 publicly disagreed with the classification.

Search GlobalProtect logs for hostnames GP-CLIENT and DESKTOP-GP01 and MAC address aa:bb:cc:dd:ee:ff. These indicators of compromise were documented by Rapid7 MDR. If found, the internal network has already been accessed.
