Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo
Dive Brief

CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation

The vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said.

Published June 1, 2026
Eric Geller's headshot
Senior Reporter
Palo Alto Networks
Palo Alto Networks' booth is seen on the show floor of the RSA Conference in San Francisco on April 27, 2023. Experts say hackers have begun exploiting a serious flaw in the company's firewalls. Matt Kapko/Cybersecurity Dive

Hackers are exploiting a software vulnerability in Palo Alto Networks’ firewalls to evade login requirements and remotely access protected systems, the company warned on Friday.

“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the company said in an update to its security advisory about the flaw, which is tracked as CVE-2026-0257.

CISA on Friday added the high-severity bug to its Known Exploited Vulnerabilities catalog, which requires federal agencies to rapidly patch the flaw.

The U.S. government and many critical infrastructure organizations use firewalls from Palo Alto Networks, which is one of the leading vendors in the marketplace. If hackers bypassed those firewalls’ protections, they could acquire sweeping access to customers’ networks.

“This type of vulnerability is a frequent attack [vector] for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said in its alert about the KEV addition.

Researchers at Rapid7 said they observed exploitation beginning in mid-May but had not yet seen evidence of successful lateral movement from the firewalls to other network devices. Even so, Rapid7 said, “An authentication bypass in an edge-facing enterprise VPN appliance can have significant impact to affected organizations.”

Hackers have frequently targeted Palo Alto Networks firewalls because of their essential role in defending the network perimeter. In May, the company disclosed another flaw in PAN-OS’s authentication system, which CISA also added to the KEV.

Editors' picks

Company Announcements

View all | Post a press release
DeVry University Earns Top 12 National Ranking in Spring 2026 National Cyber League Competition
From DeVry University
May 28, 2026
DeVry University logo
360 Privacy Expands Senior Leadership as Threats to Executives and High-Profile Individuals Gr…
From 360 Privacy
May 21, 2026
360 Privacy logo

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Vulnerability
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell