Palo Alto PAN-OS CVE-2026-0265: CAS Signature-Verification Auth Bypass (May 2026)

Palo Alto disclosed CVE-2026-0265 on May 13, 2026, a cryptographic-signature-verification flaw in Cloud Authentication Service that bypasses PAN-OS authentication. Researchers claim live GlobalProtect portal bypasses. Full analysis.

Safeguard Research Team
Security Research
12 min read

In the same week of May 2026 that Palo Alto Networks was still firefighting the unauthenticated Captive Portal RCE CVE-2026-0300, it disclosed a second, quieter, and arguably more insidious class of bug: authentication bypass. On May 13, 2026, Palo Alto published advisories for CVE-2026-0265, an improper-verification-of-cryptographic-signature flaw in the Cloud Authentication Service (CAS), and the companion CVE-2026-0257, an authentication-override-cookie bypass in the GlobalProtect portal and gateway. Where the buffer overflow crashes its way to root, these bugs simply walk through the front door as someone else.

CVE-2026-0265 is the one to watch. It is a signature-verification weakness (CWE-347): the appliance fails to properly validate the cryptographic signature on authentication material when CAS is enabled, which lets an attacker forge or tamper with the authentication assertion and bypass the login control entirely. Palo Alto rated it CVSS 7.2 (High). At disclosure, Palo Alto stated it had not confirmed in-the-wild exploitation and that no public PoC existed. But within days, researchers at HacktronAI claimed they had "successfully exploited CVE-2026-0265 to bypass authentication controls on multiple corporations' GlobalProtect portals" and signaled a technical disclosure the week of May 18, 2026. That gap between vendor "no confirmed exploitation" and researcher "we already did it against real targets" is the defining tension of this advisory, and it dictates how fast you should move.

This is an edge-appliance authentication bypass on a VPN gateway that millions of remote workers traverse daily. Even without a published PoC, the right posture is to treat the patch window as short. Below is what is verified, what is contested, and what to do about it.

TL;DR

  • CVE-2026-0265 is an improper verification of cryptographic signature (CWE-347) authentication bypass in PAN-OS Cloud Authentication Service (CAS). CVSS 4.0 base 7.2 (High) (vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/...). Published May 13, 2026.
  • It is reachable when an authentication profile using CAS is enabled and attached to a login interface (GlobalProtect portal/gateway, management web interface). Cloud NGFW and Prisma Access are not impacted.
  • Companion bug CVE-2026-0257 (CWE-565, reliance on cookies without integrity checking) bypasses GlobalProtect portal/gateway auth when authentication-override cookies are enabled; CVSS-B 7.8 / CVSS-BT 4.7.
  • At disclosure, Palo Alto reported no confirmed in-the-wild exploitation and no public PoC. Researchers (HacktronAI) claimed live exploitation against real GlobalProtect portals, with technical details planned for the week of May 18, 2026. Treat that as a countdown.
  • Patches landed in stages: partial availability May 13, with remaining fixed builds expected around May 28, 2026 (e.g., 12.1.7).
  • Patch first. For CVE-2026-0257, disabling authentication-override cookie generation and acceptance is a documented mitigation; for CVE-2026-0265, Palo Alto recommends patching rather than relying on workarounds.

What happened

On May 13, 2026, Palo Alto Networks published its security advisories for CVE-2026-0265 and CVE-2026-0257, among other PAN-OS issues that month. The advisories were updated May 28 as the remaining fixed builds shipped.

CVE-2026-0265 is classified as CWE-347 (Improper Verification of Cryptographic Signature), mapped to CAPEC-115 (Authentication Bypass). Palo Alto's advisory assigns a CVSS 4.0 base score of 7.2 (High), with the vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red. The vulnerability is reachable when "an authentication profile using CAS is enabled and attached to a login interface." Palo Alto noted that Cloud NGFW and Prisma Access are not impacted, scoping the problem to self-managed PAN-OS firewalls using CAS.

The affected-version footprint is broad, spanning the 10.2, 11.1, 11.2, and 12.1 trains, each with a long list of fixed hotfix builds (for example, 12.1 before 12.1.4-h5 and 12.1.7; 11.2 before 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, and 11.2.12). The staggered patch schedule, with some builds on May 13 and others (such as 12.1.7) carrying an ETA around May 28, is itself an operational hazard: organizations on a train whose fix arrives later have a longer exposure window and need a mitigation in the interim.

The companion CVE-2026-0257 is a distinct weakness, CWE-565 (Reliance on Cookies without Validation and Integrity Checking), affecting the GlobalProtect portal and gateway when authentication-override cookies are enabled with a specific certificate configuration. Palo Alto assigned it a CVSS-B score of 7.8 and a CVSS-BT score of 4.7. Its documented mitigation is to disable the authentication-override cookie options.

On exploitation status, the record is split and worth quoting precisely. Per Rapid7's emergency threat response, "As of May 14, Palo Alto Networks has not confirmed exploitation in-the-wild of CVE-2026-0265, and there is no public proof-of-concept exploit available." However, researchers at HacktronAI claimed practical exploitability, stating they had "successfully exploited CVE-2026-0265 to bypass authentication controls on multiple corporations' GlobalProtect portals" and planned to disclose technical details the week of May 18, 2026. Treat the researcher claim as a strong signal that weaponization is near, not as confirmed mass exploitation.

Technical analysis

The verified root cause of CVE-2026-0265 is improper verification of a cryptographic signature in the Cloud Authentication Service path. Palo Alto has not published the precise mechanism, and as of disclosure there was no public PoC, so the following is an illustrative model of how CWE-347 authentication bypasses work in token-based SSO. It is not a description of the actual exploit and contains no working payload.

CAS is a cloud-backed authentication method. When a user authenticates, the service issues a signed assertion (commonly a JWT or a SAML assertion) that the PAN-OS firewall is supposed to verify before trusting the asserted identity. The security of the whole scheme rests on one thing: the firewall must cryptographically verify that the assertion was signed by the legitimate authority and that the signature covers the claims. CWE-347 is the failure of exactly that check.

# ILLUSTRATIVE model of a CWE-347 signature-verification bypass — NOT the
# CVE-2026-0265 exploit, NOT functional. For understanding the bug class only.

# A signed authentication assertion (conceptually):
{ "header": { "alg": "RS256" }, "claims": { "user": "alice" }, "signature": "<valid sig>" }

# Classic CWE-347 failure modes the verifier might exhibit:
#   - accepting "alg": "none" (skips signature verification entirely)
#   - verifying against the wrong key, or not verifying at all
#   - validating that a signature is *well-formed* but not that it is *correct*
#   - confusing signature-present with signature-valid

# If verification is broken, an attacker forges claims for any user
# and the firewall trusts the forged identity -> authentication bypass.
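To make the failure modes above concrete, here is an added, runnable illustration that is not PAN-OS, CAS or vendor code: a minimal JWT-style verifier written the CWE-347 way (it lets the token decide how it is verified) beside a hardened verifier that pins the algorithm, recomputes the signature over the header and claims with the expected key, and compares in constant time. HMAC-SHA256 (HS256) stands in for the RS256 named in the model so the example runs on the standard library alone; the key, claims and tokens are constructed for the demo.

```python
# Added example: a weak (CWE-347 style) token verifier next to a hardened one.
# Not PAN-OS/CAS code. HS256 replaces RS256 so it runs with the standard library;
# the verification logic has the same shape for an RSA public key.
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real verifier holds the issuer's public key out of band.
ISSUER_KEY = b"constructed-demo-key-not-for-real-use"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, key: bytes = ISSUER_KEY, alg: str = "HS256") -> str:
    """Build header.claims.signature. alg='none' yields an unsigned token, which a
    correct verifier must refuse no matter what the header says."""
    header_b64 = b64url_encode(json.dumps({"alg": alg}).encode())
    claims_b64 = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header_b64}.{claims_b64}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header_b64}.{claims_b64}.{b64url_encode(sig)}"


def weak_verify(token: str, key: bytes = ISSUER_KEY):
    """CWE-347 pattern: honours the token's own 'alg', and treats a signature that is
    merely present as a signature that is valid. Never recomputes the MAC."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":          # accepts alg=none: no verification at all
        return json.loads(b64url_decode(claims_b64))
    if sig_b64 == "":                        # only checks that *something* is there
        return None
    return json.loads(b64url_decode(claims_b64))   # signature-present == signature-valid


def strict_verify(token: str, key: bytes = ISSUER_KEY, expected_alg: str = "HS256"):
    """Hardened: pin the algorithm server-side, recompute over header.claims with the
    expected key, compare in constant time, and reject anything malformed."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != expected_alg:     # alg=none and algorithm confusion both fail here
        return None
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None                           # wrong key, tampered claims, or empty signature
    return json.loads(b64url_decode(claims_b64))


if __name__ == "__main__":
    good = issue_token({"user": "alice"})
    unsigned = issue_token({"user": "admin"}, alg="none")
    print("weak   accepts unsigned token:", weak_verify(unsigned) is not None)
    print("strict accepts unsigned token:", strict_verify(unsigned) is not None)
    print("strict accepts genuine token: ", strict_verify(good) == {"user": "alice"})
```

The point of the pairing is the last line of each verifier: the weak one returns claims it never checked, while the hardened one returns claims only after the signature has been recomputed with a key and algorithm the verifier chose, not the token. Review of any assertion or cookie verifier should ask exactly those two questions.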

The reason an auth bypass on this surface is so dangerous is what authentication gates on a PAN-OS firewall. A login interface protected by CAS is typically a GlobalProtect portal or gateway, the VPN entry point for remote employees, or the management web interface. Bypassing authentication there does not crash the box; it makes the attacker an authenticated user or administrator. From a GlobalProtect bypass, an attacker can establish a VPN session into the corporate network as a trusted user. From a management-interface bypass, the attacker gains administrative reach over the firewall itself. There is no exploit "noise" to detect in the way a buffer overflow produces crashes; a successful bypass looks, by design, like a normal successful login.

That stealth is the practical difference between CVE-2026-0265 and the same month's CVE-2026-0300. The overflow is loud and dangerous; the auth bypass is quiet and dangerous. The companion CVE-2026-0257 is structurally similar in effect: by trusting an authentication-override cookie without integrity validation, the firewall lets an attacker who can craft or replay such a cookie skip authentication on the GlobalProtect portal/gateway. Both bugs convert a trust assumption (the signature is valid; the cookie is authentic) into an attacker-controlled input.

What detection looks like

Detecting an authentication bypass is harder than detecting a crash because the malicious outcome mimics a legitimate one. Focus on the seams.

  • Authentication anomalies on CAS-protected interfaces. Baseline normal GlobalProtect and management logins, then alert on logins for users from unusual source IPs/geographies, logins that lack the expected upstream CAS interaction, or successful authentications that do not correlate with a corresponding CAS authentication event.
  • GlobalProtect session anomalies. Watch for VPN sessions established for accounts that are dormant, for the same account from multiple distant locations concurrently, or for sessions whose authentication path looks abnormal in the PAN-OS auth logs.
  • Administrative actions without a clean auth trail. For management-interface exposure, alert on configuration changes, new admin accounts, or rule modifications that are not tied to a verified, expected administrator session.
  • Cookie-handling anomalies (CVE-2026-0257). Inspect for GlobalProtect portal/gateway authentication accepted on the basis of override cookies from unexpected clients, and for cookie reuse across sources.
  • Vendor and research telemetry. Track Palo Alto advisory updates and the HacktronAI disclosure timeline; the moment a PoC is public, scanning and exploitation against CAS-enabled portals should be expected, and your detection thresholds should tighten accordingly.
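The first three bullets describe correlations rather than single-event signatures, so here is an added example (not Palo Alto tooling, and not a real PAN-OS log format) that runs them over constructed sample events: one stream of CAS authentication results and one stream of GlobalProtect portal logins, both in a simplified `timestamp source key=value` layout. It flags a successful login with no CAS success for that user shortly before it, a login for an account absent from the baseline period, and two logins for one account from different countries within a short window. The window sizes and field names are assumptions to be tuned against your own baseline.

```python
# Added example: correlating PAN-OS login events with upstream CAS events.
# Event layout and all sample lines are constructed; map the field names to
# the actual auth/system log fields in your environment.
from datetime import datetime, timedelta

CAS_EVENTS = """\
2026-05-15T08:00:05Z cas user=alice result=success
2026-05-15T08:10:00Z cas user=bob result=success
"""

LOGIN_EVENTS = """\
2026-05-15T08:00:07Z gp-portal user=alice src=203.0.113.10 geo=DE result=success
2026-05-15T08:10:03Z gp-portal user=bob src=198.51.100.7 geo=US result=success
2026-05-15T08:12:40Z gp-portal user=carol src=192.0.2.44 geo=BR result=success
2026-05-15T08:15:00Z gp-portal user=bob src=203.0.113.99 geo=RU result=success
"""

# Constructed baseline: accounts that logged in normally during the baseline period.
BASELINE_ACTIVE_USERS = {"alice", "bob"}


def parse_events(text: str) -> list:
    """Parse 'ISO-timestamp source k=v k=v ...' lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, source, *pairs = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
        ev.update(p.split("=", 1) for p in pairs)
        events.append(ev)
    return events


def detect_bypass_candidates(cas_events, logins, baseline_users,
                             cas_window=timedelta(seconds=60),
                             geo_window=timedelta(minutes=30)):
    """Return (timestamp, user, reason) findings for successful logins that
    lack a preceding CAS success, belong to dormant accounts, or collide
    geographically with a recent login by the same account."""
    cas_by_user = {}
    for ev in cas_events:
        if ev.get("result") == "success":
            cas_by_user.setdefault(ev["user"], []).append(ev["ts"])

    findings = []
    recent = {}  # user -> [(ts, geo), ...] of logins already seen
    for lg in sorted(logins, key=lambda e: e["ts"]):
        if lg.get("result") != "success":
            continue
        user, ts = lg["user"], lg["ts"]

        # 1. A successful login should sit shortly after a CAS success for the same user.
        if not any(0 <= (ts - t).total_seconds() <= cas_window.total_seconds()
                   for t in cas_by_user.get(user, [])):
            findings.append((ts, user, "login_without_cas_event"))

        # 2. Accounts with no activity in the baseline period deserve a look.
        if user not in baseline_users:
            findings.append((ts, user, "dormant_account"))

        # 3. Same account, different country, inside the travel-impossible window.
        for prev_ts, prev_geo in recent.get(user, []):
            if prev_geo != lg["geo"] and ts - prev_ts <= geo_window:
                findings.append((ts, user, "concurrent_distant_logins"))
                break
        recent.setdefault(user, []).append((ts, lg["geo"]))
    return findings


if __name__ == "__main__":
    for ts, user, reason in detect_bypass_candidates(
            parse_events(CAS_EVENTS), parse_events(LOGIN_EVENTS), BASELINE_ACTIVE_USERS):
        print(f"{ts.isoformat()} user={user} {reason}")
```

On the sample data, alice is clean, carol trips both the missing-CAS and dormant-account rules, and bob's second login trips the missing-CAS and geography rules. The same function, pointed at logs from mid-May 2026 onward, is the hunt described later in this article; the CAS correlation rule is the one most specific to a CWE-347 bypass, because a forged assertion produces a firewall-side success with no matching upstream authentication.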

What to do Monday morning

  1. Determine whether you use CAS, and where. Identify every PAN-OS firewall with an authentication profile using Cloud Authentication Service attached to a login interface (GlobalProtect portal/gateway or management web interface). This is the reachable population for CVE-2026-0265. Separately, identify GlobalProtect configs with authentication-override cookies enabled for CVE-2026-0257.
  2. Patch to a fixed build now, prioritizing CAS-enabled, internet-facing firewalls. Map your train to the fixed hotfix (e.g., 11.2 to 11.2.4-h17 / 11.2.7-h13 / 11.2.10-h6 / 11.2.12; 12.1 to 12.1.4-h5 / 12.1.7). If your train's fix has a later ETA (such as 12.1.7 around May 28), do not wait idly; apply interim risk reduction.
  3. Reduce management-interface exposure immediately. Restrict the PAN-OS management interface to a management network; never expose it to the internet. Palo Alto noted risk is highest for unrestricted management interfaces with CAS, so this single control meaningfully shrinks exposure while you patch.
  4. For CVE-2026-0257, disable authentication-override cookie generation and acceptance in the GlobalProtect portal and gateway configuration if you cannot patch immediately. This is the vendor-documented mitigation.
  5. Treat the researcher disclosure as a countdown. With HacktronAI signaling technical details the week of May 18, assume a working bypass becomes public quickly. Have the patch tested and the change window approved before then.
  6. Hunt for prior bypass. Because a successful bypass mimics a normal login, review GlobalProtect and admin authentication logs for the anomalies above going back to mid-May 2026. If you find evidence of unauthorized authenticated access, treat it as a potential network intrusion and invoke incident response.
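Steps 1 through 4 are an inventory-and-prioritise exercise, so here is an added example (not a Palo Alto tool, and the inventory fields are constructed rather than a PAN-OS export format) that parses PAN-OS build strings such as `11.2.4-h17`, decides whether a build is at or past a fixed build, and turns a fleet inventory into an ordered action list: patch CAS-reachable firewalls first, then restrict exposed management interfaces, then disable authentication-override cookies where they are on. The fixed-build table contains only the builds quoted in this article; it is a placeholder to be refreshed from the advisory, and the rule for what "fixed" means (the listed hotfix or any later hotfix of that maintenance release, or any release at or beyond a listed hotfix-free build such as 12.1.7) is an assumption about the advisory's conventions, not something the advisory text here spells out.

```python
# Added example: PAN-OS version triage for CVE-2026-0265 / CVE-2026-0257.
# Fixed builds below are the ones quoted in this article only (constructed
# placeholder table); take the full list from the vendor advisory.
import re

FIXED_BUILDS = {
    "11.2": ["11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12"],
    "12.1": ["12.1.4-h5", "12.1.7"],
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(v: str):
    """'11.2.4-h17' -> (11, 2, 4, 17); a build without a hotfix gets hotfix 0."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {v!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_fixed(version: str, fixed_builds=FIXED_BUILDS):
    """True/False for a train in the table; None when the train is not in the table
    (assumed semantics: fixed if same maintenance release with hotfix >= listed one,
    or at/after a listed build that has no hotfix suffix)."""
    major, minor, maint, hotfix = parse_version(version)
    train = f"{major}.{minor}"
    if train not in fixed_builds:
        return None
    for fb in fixed_builds[train]:
        _, _, f_maint, f_hotfix = parse_version(fb)
        if maint == f_maint and hotfix >= f_hotfix:
            return True
        if f_hotfix == 0 and maint >= f_maint:
            return True
    return False


# Constructed fleet inventory; field names are illustrative.
INVENTORY = [
    {"host": "fw-edge-1", "version": "12.1.4-h3", "cas_login_interface": True,
     "internet_facing": True, "mgmt_internet_exposed": False, "gp_override_cookies": True},
    {"host": "fw-edge-2", "version": "11.2.12", "cas_login_interface": True,
     "internet_facing": True, "mgmt_internet_exposed": False, "gp_override_cookies": False},
    {"host": "fw-dc-1", "version": "11.2.7-h13", "cas_login_interface": False,
     "internet_facing": False, "mgmt_internet_exposed": True, "gp_override_cookies": False},
    {"host": "fw-lab-1", "version": "12.1.6", "cas_login_interface": True,
     "internet_facing": False, "mgmt_internet_exposed": True, "gp_override_cookies": False},
    {"host": "fw-old-1", "version": "10.2.9", "cas_login_interface": True,
     "internet_facing": True, "mgmt_internet_exposed": False, "gp_override_cookies": False},
]


def triage(inventory, fixed_builds=FIXED_BUILDS):
    """Return [(priority, host, [actions])] sorted so priority 0 comes first."""
    plan = []
    for fw in inventory:
        fixed = is_fixed(fw["version"], fixed_builds)
        cas_exposed = fw["cas_login_interface"] and fixed is not True
        todo = []
        if cas_exposed:
            todo.append("patch for CVE-2026-0265" if fixed is False
                        else "train not in fixed-build table; check advisory")
        if fw["mgmt_internet_exposed"]:
            todo.append("restrict management interface to a management network")
        if fw["gp_override_cookies"]:
            todo.append("disable authentication-override cookies until patched for CVE-2026-0257")
        if cas_exposed and fw["internet_facing"]:
            priority = 0          # CAS login interface reachable from the internet, not fixed
        elif cas_exposed or fw["mgmt_internet_exposed"]:
            priority = 1
        elif todo:
            priority = 2
        else:
            priority = 3
        plan.append((priority, fw["host"], todo))
    return sorted(plan)


if __name__ == "__main__":
    for priority, host, todo in triage(INVENTORY):
        print(f"P{priority} {host:10s} {fw_version if False else ''}{'; '.join(todo) or 'no action'}")
```

Note the `None` path: a train missing from the table is deliberately reported as "check advisory" rather than silently treated as fixed, which is the failure mode a partial list invites. A build such as 12.1.6 is classified as not fixed even though it is numerically above 12.1.4-h5, because the fix for that maintenance release only arrives in 12.1.7.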

Why this keeps happening

Edge appliances have shifted the attacker's center of gravity from memory corruption to authentication logic, and CVE-2026-0265 is a clean example. For years the marquee edge bugs were overflows and RCEs. As vendors hardened those code paths, attention moved to the authentication and session layer, where bugs are subtler, exploitation is stealthier, and the payoff (a trusted identity) is often higher than a crash. A signature-verification flaw does not require a memory-corruption primitive or an ASLR bypass; it requires the verifier to make one logical mistake, and those mistakes are easy to make and hard to catch in review.

The structural driver is the trust delegation that modern SSO requires. CAS, SAML IdP integrations, and cookie-based authentication overrides all exist to make authentication smoother across distributed estates. Every one of them moves trust into a token or a cookie and makes the appliance's correct verification of that artifact the single point of failure. When the verification is wrong, as in CWE-347, the entire authentication scheme collapses silently. The 2026 PAN-OS advisories pair this perfectly: CVE-2026-0265 fails to verify a signature, and CVE-2026-0257 fails to verify a cookie. Different artifacts, identical lesson.

The exposure is amplified by the fact that these interfaces must be reachable. A GlobalProtect portal is internet-facing by definition; that is its job. So an authentication-bypass bug on it is reachable by everyone, all the time, and the only durable defense is correct verification logic plus minimizing what each authenticated identity can reach.

The structural fix

The first discipline is knowing which firewalls are actually exposed to this bug, not just which ones are "affected versions." Reachability analysis separates the population of CAS-enabled, internet-facing login interfaces from the broader fleet, so engineers patch and harden the firewalls that an attacker can actually reach first, instead of treating every PAN-OS device identically. Because CVE-2026-0265 arrived with a credible researcher exploitation claim ahead of a public PoC, a fast zero-day response loop is what compresses dwell time, turning the advisory into an inventory query, a prioritized patch action, a management-interface-exposure check, and an authentication-log hunt before the PoC drops. Tracking the CVE through a consistent CVE/CWE/EPSS/KEV lens keeps prioritization honest when the severity score (7.2) understates the real risk of a stealthy auth bypass on a VPN front door. None of this prevents the verification flaw, but it shortens the window between disclosure and a patched, hardened, hunted estate.

What we know we don't know

  • Whether in-the-wild exploitation is occurring. Palo Alto reported no confirmed exploitation at disclosure; HacktronAI claimed successful exploitation against real GlobalProtect portals. The two statements are not fully reconciled in public reporting.
  • The precise exploit mechanism. With no public PoC at disclosure and the vendor not publishing the trigger, the technical model above is generic to CWE-347, not specific to CVE-2026-0265.
  • The real-world prevalence of CAS-enabled login interfaces. CAS is a non-default but common configuration; how much of the internet-facing PAN-OS population uses it is not publicly quantified.
  • The disclosure outcome. Whether HacktronAI's planned week-of-May-18 disclosure included a working public PoC, and how quickly mass scanning followed, is an evolving question at the time of writing.

References

  • Palo Alto Networks, "CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled": https://security.paloaltonetworks.com/CVE-2026-0265
  • Palo Alto Networks, "CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities": https://security.paloaltonetworks.com/CVE-2026-0257
  • Rapid7, "ETR: CVE-2026-0265 Authentication Bypass in Palo Alto Networks PAN-OS": https://www.rapid7.com/blog/post/etr-cve-2026-0265-authentication-bypass-in-palo-alto-networks-pan-os/
  • Bishop Fox, "Detecting CVE-2026-0265 at Scale: PAN-OS CAS Authentication Bypass": https://bishopfox.com/blog/detecting-cve-2026-0265-at-scale-pan-os-cas-authentication-bypass
  • NVD, CVE-2026-0257: https://nvd.nist.gov/vuln/detail/CVE-2026-0257
