CISA Adds Critical Palo Alto Networks Firewall Flaw to KEV
Hackers are exploiting a software vulnerability in Palo Alto Networks’ firewalls to evade login requirements and remotely access protected systems. The company warned on Friday that it had become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied, as detailed in an update to its security advisory about the flaw, tracked as CVE-2026-0257.
Crucially, CISA has added this high-severity bug to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal agencies to rapidly patch the flaw. Many critical infrastructure organizations and the U.S. government use firewalls from Palo Alto Networks, a leading vendor in the marketplace. If hackers bypass these firewalls’ protections, they could gain sweeping access to customers’ networks. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise, as stated in CISA’s alert regarding the KEV addition.
Researchers at Rapid7 noted that they observed exploitation beginning in mid-May, although they had not yet seen evidence of successful lateral movement from the firewalls to other network devices. However, they emphasized that an authentication bypass in an edge-facing enterprise VPN appliance can have a significant impact on affected organizations. Hackers have frequently targeted Palo Alto Networks firewalls due to their essential role in defending the network perimeter. In May, the company disclosed another flaw in PAN-OS’s authentication system, which CISA also added to the KEV.