CISA adds PAN-OS auth bypass CVE-2026-0257 to KEV Catalog
BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate; the specific deadline for this CVE is not stated in the advisory.
TL;DR
CISA added CVE-2026-0257, a Palo Alto Networks PAN-OS authentication bypass vulnerability, to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal Civilian Executive Branch agencies must remediate by the BOD 22-01 due date assigned to this entry; that date is not specified in the advisory. Contractors and integrators supporting FCEB systems should treat this as an inherited obligation and check the KEV Catalog directly for the deadline.
CISA added CVE-2026-0257, a Palo Alto Networks PAN-OS authentication bypass vulnerability, to the Known Exploited Vulnerabilities (KEV) Catalog on May 29, 2026, citing evidence of active exploitation. Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate all KEV-listed vulnerabilities by their assigned due dates; the specific deadline for this entry was not published in the advisory text and should be confirmed directly in the catalog.
Contractors and system integrators supporting FCEB networks inherit a practical remediation obligation through their agency customers, even though BOD 22-01 formally binds agencies alone. PAN-OS authentication bypass vulnerabilities are a recurring vector in federal-network intrusions; organizations running PAN-OS in government-standard configurations should verify whether those configurations are affected and apply vendor guidance promptly.
Deep Fathom