How the Attack Works
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively exploiting it in real-world attacks. The vulnerability resides in the operating system powering Palo Alto firewalls and allows remote attackers to bypass authentication mechanisms without valid credentials. By exploiting this weakness, adversaries can establish unauthorized VPN access, effectively sidestepping perimeter defenses and gaining entry to internal network resources as if they were legitimate users. This type of flaw is especially dangerous because it undermines the core security function of network edge devices.
Impact and Mitigation Steps
CISA added the vulnerability to its KEV list on May 29, 2026, with a remediation deadline of June 1, 2026, for federal agencies. While there is no public evidence linking the flaw to specific ransomware campaigns, security experts warn that authentication bypass issues in network edge devices are frequently targeted by initial access brokers and advanced persistent threat groups. Organizations relying on PAN-OS for remote access infrastructure are at significant risk, as successful exploitation could enable persistent access, lateral movement, and deployment of additional malicious payloads. Palo Alto Networks has issued guidance and security updates. CISA strongly urges organizations to apply patches immediately or follow vendor-provided mitigation steps. If patching is not feasible, CISA recommends discontinuing use of the affected product.
Source: Cyber Security News

