Today, CISA announced that it was adding an authentication bypass vulnerability in Palo Alto Networks (PAN) PAN-OS to CISA’s Known Exploited Vulnerabilities catalog. PAN originally disclosed the vulnerability on May 13th, 2026. The vulnerability was discovered by internal researchers. PAN updated that advisory today, reporting that: “Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied.”
NOTE: PAN has identified this vulnerability as a ‘reliance on cookies without validation and integrity check’ vulnerability. CISA’s ‘authentication bypass’ is a more generic description of the vulnerability’s apparent application.
CISA is requiring federal agencies to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” CISA has set a compliance deadline of June 1st, 2026.