CVE-2026-0257 is a critical authentication bypass in PAN-OS GlobalProtect portal and gateway components with a CVSS of 9.5, confirmed active exploitation since May 17, 2026, a public proof-of-concept, CISA KEV listing, and an EPSS score at the 98.3rd percentile. Any unpatched GlobalProtect deployment with authentication override cookies enabled is actively being scanned and exploited by multiple opportunistic threat clusters.