Palo Alto Networks PAN-OS Authentication Bypass (CVE-2026-0265) Affects Firewalls with Cloud Authentication Service
A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS (CVE-2026-0265) allows remote unauthenticated attackers to bypass authentication when Cloud Authentication Service is enabled on a login interface.
Palo Alto Networks has published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system running on most Palo Alto Networks firewalls. The flaw allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface.
The vulnerability affects PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series) appliances. Cloud NGFW and Prisma Access are not affected. Palo Alto Networks assigned CVE-2026-0265 a CVSS score of 9.3, reflecting the critical nature of the flaw. The vulnerable configuration is non-default but common, meaning many organizations that have enabled CAS for cloud-based authentication may be exposed.
Rapid7, which analyzed the vulnerability, noted that the issue stems from a signature verification weakness that allows attackers to forge authentication tokens. An attacker who successfully exploits the flaw can gain unauthorized access to the firewall's management interface, potentially leading to full compromise of the network security appliance.
Palo Alto Networks has released security updates to address the vulnerability. Organizations using PAN-OS with Cloud Authentication Service enabled should prioritize patching, as the attack vector is remote and requires no authentication. The advisory follows a pattern of critical vulnerabilities in network security appliances that, if left unpatched, can provide attackers with a direct path into an organization's network infrastructure.