PT-2026-40713 · Palo Alto Networks · Pan-Os+4
Published
2026-05-13
·
Updated
2026-06-01
·
CVE-2026-0265
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PAN-OS (affected versions not specified)
Description
An authentication bypass exists in the Cloud Authentication Service (CAS) component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with network access to bypass authentication controls when CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower on other login interfaces. Technical exploitation involves forging JSON Web Tokens (JWTs) to bypass authentication and escalate privileges to administrator level. Real-world incidents have been reported where attackers used this flaw to gain VPN access via GlobalProtect, establish command-and-control (C2) channels, move laterally within trusted environments, and exfiltrate sensitive data.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Restrict access to the management web interface to only trusted internal IP addresses.
Disable or restrict the use of the Cloud Authentication Service (CAS) on login interfaces to minimize the risk of exploitation.
Exploit
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Globalprotect
Pa-Series
Pan-Os
Panorama
Vm Series