CVE-2026-0257 is a CVSS 9.5 authentication bypass in PAN-OS GlobalProtect that allows unauthenticated attackers to forge session cookies and establish VPN tunnels as arbitrary users. Active exploitation has been confirmed since May 17, 2026, with attack infrastructure attributed to Vultr-hosted IPs. Any organization relying on GlobalProtect for remote access is at immediate risk of unauthorized network entry that is indistinguishable from a legitimate session.