Skip to content
Auto-CTI
Back to all deep dives
RAPID7 CYBERSECURITY BLOG

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

Strategic summary

CVE-2026-0265 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that occurs when Cloud Authentication Service (CAS) is enabled and attached to a login interface. Affected platforms include PA-Series, VM-Series firewalls, and Panorama appliances, though the configuration is non-default but common. Although no active exploitation has been confirmed, the ease of exploitability and expected disclosure of technical details make emergency patching critical. Patches were partially released on May 13, 2026, with additional fixes due by May 28.

Key findings

  • CVE-2026-0265 allows a remote unauthenticated attacker to bypass authentication on PAN-OS devices with CAS enabled
  • Affected systems include PA-Series, VM-Series, and Panorama; Cloud NGFW and Prisma Access are not impacted
  • Palo Alto Networks released patches for several PAN-OS versions on May 13, 2026, with remaining patches expected by May 28, 2026
  • Given the high likelihood of imminent public exploit availability and the history of PAN-OS targeting, immediate patching is strongly advised
ESC