Palo Alto Networks says attackers are actively exploiting a GlobalProtect VPN vulnerability known as CVE-2026-0257. The bug affects certain GlobalProtect portal and gateway setups and lets attackers connect to a VPN without the usual login and authentication checks. Since GlobalProtect is typically exposed to the internet, a successful attack could give cybercriminals access to an organization’s internal network. Security researchers have already observed real-world attacks targeting vulnerable systems. If your organization uses GlobalProtect, check whether you are affected and install the latest security updates. Palo Alto Networks has released fixes for supported PAN-OS versions and urges customers to update as soon as possible. Security teams should also monitor VPN logs and investigate any unusual login activity or unexpected VPN connections.