PT-2026-40713 · Palo Alto Networks · Pan-Os+4

Published

2026-05-13

·

Updated

2026-06-01

·

CVE-2026-0265

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions PAN-OS (affected versions not specified)
Description An authentication bypass exists in the Cloud Authentication Service (CAS) component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with network access to bypass authentication controls when CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower on other login interfaces. Technical exploitation involves forging JSON Web Tokens (JWTs) to bypass authentication and escalate privileges to administrator level. Real-world incidents have been reported where attackers used this flaw to gain VPN access via GlobalProtect, establish command-and-control (C2) channels, move laterally within trusted environments, and exfiltrate sensitive data.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the management web interface to only trusted internal IP addresses. Disable or restrict the use of the Cloud Authentication Service (CAS) on login interfaces to minimize the risk of exploitation.

Exploit

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07004
CVE-2026-0265

Affected Products

Globalprotect
Pa-Series
Pan-Os
Panorama
Vm Series