Scheduled Maintenance : Prisma Access

Update: Changes to Impact.

Status: In Progress

Scheduled Window: May 23, 2026, 00:06 - June 22, 2026, 22:03 (UTC)

Locations: Ashburn, Auckland, Barcelona, Bogota, Brasilia, Brisbane, Calgary, Cape Town, Chennai, Chia, Chicago, Colombo, Dallas, Denver, Dubai, Dublin, Eemshaven, Frankfurt, Guadalajara, Hamburg, Hong Kong, Hyderabad, Islamabad, Jeddah, Jerusalem, Johannesburg, Karachi, Lagos, Lahore, Lima, London, Los Angeles, Madrid, Manama, Marseille, Melbourne, Mexico City, Miami, Moncks Corner, Monterrey, Moscow, Mumbai, Munich, New Delhi, New York City, Osaka, Paris, Perth, Phoenix, Port Moresby, Prague, Quebec, Rio de Janeiro, Riyadh, Rotterdam, Saint Petersburg, Salt Lake City, San Francisco, San Jose, Sao Paulo, Seoul, Singapore, Sydney, The Dalles, Tokyo, Toronto

Impact:

Dear Customers,

Please be advised that CVE-2026-0257 (https://security.paloaltonetworks.com/CVE-2026-0257) was upgraded to a "High" severity rating and we are therefore updating the advisory. The advisory applies to Prisma Access customers with Mobile User Gateways Deployment in conjunction with on-premises GlobalProtect Next-Generation Firewall (NGFW) gateways.

Palo Alto Networks will implement enhanced security measures for all Prisma Access deployments that use authentication override cookie feature enabled during the upcoming weekend. Consequently, the following actions are mandatory for all administrators:

Required Actions:

Provision Dedicated Authentication Certificates: It is strongly recommended that administrators allocate a dedicated certificate specifically for authentication override cookies. This measure is essential for protecting network infrastructure. Please ensure this certificate is stored securely to maintain its confidentiality and integrity.

Update PAN-OS versions for the On-Premises External NGFW Gateways: Please update all on-premises NGFW in a hybrid Prisma Access deployment to the suggested PAN-OS version addressing CVE-2026-0257, as detailed in the security advisory shared in the below link:

https://security.paloaltonetworks.com/CVE-2026-0257

Failure to upgrade the on-premises external NGFW gateway will result in GlobalProtect users being prompted for re-authentication, regardless of the presence of a valid authentication cookie.

You can track service status, maintenance-related updates, and sign up for notifications at:

https://sase.trust.paloaltonetworks.com/

If you have any questions, please open a case at: https://support.paloaltonetworks.com/

Update: Status changed to In Progress.

Status: In Progress

Scheduled Window: May 23, 2026, 00:06 - June 22, 2026, 22:03 (UTC)

Locations: Ashburn, Auckland, Barcelona, Bogota, Brasilia, Brisbane, Calgary, Cape Town, Chennai, Chia, Chicago, Colombo, Dallas, Denver, Dubai, Dublin, Eemshaven, Frankfurt, Guadalajara, Hamburg, Hong Kong, Hyderabad, Islamabad, Jeddah, Jerusalem, Johannesburg, Karachi, Lagos, Lahore, Lima, London, Los Angeles, Madrid, Manama, Marseille, Melbourne, Mexico City, Miami, Moncks Corner, Monterrey, Moscow, Mumbai, Munich, New Delhi, New York City, Osaka, Paris, Perth, Phoenix, Port Moresby, Prague, Quebec, Rio de Janeiro, Riyadh, Rotterdam, Saint Petersburg, Salt Lake City, San Francisco, San Jose, Sao Paulo, Seoul, Singapore, Sydney, The Dalles, Tokyo, Toronto

Impact:

This notification is to inform you of deployment alternatives that you must consider prior to upgrading your On-Prem GlobalProtect Gateways and Portals to PAN-OS versions that address CVE-2026-0257. The recommended PANOS version that addresses this CVE as listed in the below link:

https://security.paloaltonetworks.com/CVE-2026-0257

Required Action:

Best Practice Security Measure: It is strongly recommended that administrators provision a dedicated certificate specifically for the authentication override cookie. This action serves as the primary safeguard for your network infrastructure. Maintain the integrity of this certificate by ensuring it is stored in a secure manner and remains confidential

Upgrade Methodology: PAN-OS versions addressing CVE-2026-0257 (https://security.paloaltonetworks.com/CVE-2026-0257) introduces a default behavior change for GlobalProtect gateways. To maintain seamless connectivity across On-Prem GlobalProtect Gateways and Prisma Access Mobile User Gateways, organizations should select one of the following options:

• Option 1: Should an organization elect to accept the default behavior, please reach out to the Palo Alto Networks Support team to setup a change request on Prisma Access and co-ordinate change management window

• Option 2: Administrators must execute the following CLI command on the On-Prem GlobalProtect Gateway following the installation of the recommended PAN-OS versions

CLI Command: set global-protect enable-auth-override-cookie-hmac no

This approach requires no formal coordination with Palo Alto Networks Support teams.

You can track service status, maintenance-related updates, and sign up for notifications at:

https://sase.trust.paloaltonetworks.com/

If you have any questions, please open a case at: https://support.paloaltonetworks.com/

Status: Scheduled

Scheduled Window: May 22, 2026, 17:06 - June 22, 2026, 15:03 (America/Los_Angeles)

Locations: Ashburn, Auckland, Barcelona, Bogota, Brasilia, Brisbane, Calgary, Cape Town, Chennai, Chia, Chicago, Colombo, Dallas, Denver, Dubai, Dublin, Eemshaven, Frankfurt, Guadalajara, Hamburg, Hong Kong, Hyderabad, Islamabad, Jeddah, Jerusalem, Johannesburg, Karachi, Lagos, Lahore, Lima, London, Los Angeles, Madrid, Manama, Marseille, Melbourne, Mexico City, Miami, Moncks Corner, Monterrey, Moscow, Mumbai, Munich, New Delhi, New York City, Osaka, Paris, Perth, Phoenix, Port Moresby, Prague, Quebec, Rio de Janeiro, Riyadh, Rotterdam, Saint Petersburg, Salt Lake City, San Francisco, San Jose, Sao Paulo, Seoul, Singapore, Sydney, The Dalles, Tokyo, Toronto

Impact:

This notification is to inform you of deployment alternatives that you must consider prior to upgrading your On-Prem GlobalProtect Gateways and Portals to PAN-OS versions that address CVE-2026-0257. The recommended PANOS version that addresses this CVE as listed in the below link:

https://security.paloaltonetworks.com/CVE-2026-0257

Required Action:

Best Practice Security Measure: It is strongly recommended that administrators provision a dedicated certificate specifically for the authentication override cookie. This action serves as the primary safeguard for your network infrastructure. Maintain the integrity of this certificate by ensuring it is stored in a secure manner and remains confidential

Upgrade Methodology: PAN-OS versions addressing CVE-2026-0257 (https://security.paloaltonetworks.com/CVE-2026-0257) introduces a default behavior change for GlobalProtect gateways. To maintain seamless connectivity across On-Prem GlobalProtect Gateways and Prisma Access Mobile User Gateways, organizations should select one of the following options:

• Option 1: Should an organization elect to accept the default behavior, please reach out to the Palo Alto Networks Support team to setup a change request on Prisma Access and co-ordinate change management window

• Option 2: Administrators must execute the following CLI command on the On-Prem GlobalProtect Gateway following the installation of the recommended PAN-OS versions

CLI Command: set global-protect enable-auth-override-cookie-hmac no

This approach requires no formal coordination with Palo Alto Networks Support teams.

We will provide updates when maintenance begins.