Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
Actions On Cyber logo
Contact
← Back to Vulnerability Briefs

Important Security Flaw in Palo Alto Networks Firewalls Could Let Attackers Bypass Login

A serious security weakness has been found in Palo Alto Networks firewall software that could allow attackers to bypass login controls if a specific cloud authentication feature is enabled. This matters because it could let unauthorised users access your network management settings, potentially compromising your security.

17 May 2026

Reference: CVE-2026-0265

1. What is being reported?

Researchers have discovered a vulnerability in Palo Alto Networks PAN-OS software used on certain firewalls and management systems. If the Cloud Authentication Service (CAS) is turned on, especially on the management interface, attackers with network access might bypass the usual login process without needing a password.

2. What this means in plain English

If your organisation uses affected Palo Alto firewalls with CAS enabled on the management interface, attackers could gain control over your firewall settings without logging in properly. This could lead to unauthorised changes, exposing your network to further attacks or data breaches.

3. Could this affect a small business?

Small businesses or charities using Palo Alto PA-Series or VM-Series firewalls or Panorama management systems with CAS enabled on the management interface could be at risk. If you do not use these products, or if CAS is not enabled on the management interface, your risk is much lower. Cloud NGFW and Prisma Access users are not affected.

4. What to do now

  • Check if your Palo Alto firewall or management system uses PAN-OS software with Cloud Authentication Service enabled.
  • If CAS is enabled on the management interface, restrict access to this interface to trusted internal IP addresses only, following Palo Alto’s best practice guidelines.
  • Contact your IT provider or Palo Alto Networks support to confirm if patches or updates are available to fix this vulnerability.
  • Monitor your firewall logs for any unusual access attempts and review your network security settings regularly.

5. Ask your IT provider

Can you confirm whether our Palo Alto firewall or Panorama system is affected by CVE-2026-0265, and what steps have been taken to secure or patch it?

6. Bottom line

If you use Palo Alto firewalls with Cloud Authentication Service enabled on the management interface, act quickly to restrict access and check for updates to prevent unauthorised access.

Information based on CISA KEV, NVD and reputable security reporting.

Back to Vulnerability Briefs