Palo Alto GlobalProtect auth bypass (CVE-2026-0257) added to CISA KEV after weeks of exploitation
PAN-OS portals with authentication-override cookies on a shared certificate let attackers forge a valid session. Rapid7 observed exploitation since May 17. Federal patch deadline June 19.