CVE-2026-0257 is a critical authentication bypass in PAN-OS GlobalProtect with a CVSS score of 9.8 and an EPSS score at the 98th percentile. Palo Alto Networks Unit 42 and Rapid7 have confirmed that it is being actively exploited. Unauthenticated remote attackers can bypass GlobalProtect authentication and gain direct access to internal network segments without valid credentials. Any internet-facing GlobalProtect gateway or portal running an affected PAN-OS version must be patched immediately.