Medium Severity, Maximum Impact: How Attackers Learned to Game CVSS
On May 13, Palo Alto Networks disclosed CVE-2026-0257, an authentication bypass affecting PAN-OS GlobalProtect. The company tagged it medium severity. Within four days, Rapid7 observed successful exploitation in a customer environment. Within two weeks, CISA added it to the Known Exploited Vulnerabilities catalog, and Palo Alto revised the score from 4.7 medium to 7.8 high. Rapid7 urged customers to treat the issue as critical because of where the flaw sat: an internet-facing enterprise VPN.
The technical details are surprisingly simple. When a GlobalProtect deployment reuses the same certificate for its HTTPS service and its authentication override cookies, an attacker can pull the public key directly from the server's TLS handshake and use it to forge a valid session cookie. The entire exploit is a single HTTP request. No credentials required, no privileges necessary.
The timeline is worth noting. This vulnerability was exploited across numerous environments before most organizations had moved it up their patch queue. The gap between disclosure and response is a structural property of how vulnerability management works — and attackers have figured that out.
How Severity Ratings Became Policy
CVSS was designed as a consistent scoring framework, a common language for comparing vulnerability severity across vendors and products. What it became, in practice, is an operational policy engine. Organizations built patch SLAs around it: critical-severity vulnerabilities get patched in days, high-severity in weeks, medium-severity in the next quarterly cycle. This approach is reasonable — security teams are outnumbered by their vulnerability backlogs, and they needed a way to triage.
FIRST, the organization that maintains the CVSS standard, has said explicitly that base scores aren't sufficient for prioritization on their own. But for many organizations, that's exactly how the scores function — as the primary, often sole filter for where to direct remediation effort.
The result is that every attacker who reads a disclosure feed knows what a medium score means operationally: the organization will get to it eventually.
The 28% Problem
The numbers behind this have been accumulating for a while. Recent analysis puts the share of actively exploited CVEs that carry medium CVSS scores at 28%. Meanwhile, only about 2.3% of high- or critical-severity CVEs see actual exploitation attempts. The authors of the Exploit Prediction Scoring System noted this disparity as evidence that attackers aren't simply targeting the vulnerabilities that score highest on the standard scale. They also factor in attack surface, exploit simplicity, and defender response time.
This isn't opportunism on the part of attackers — it's strategy. Medium-severity vulnerabilities on widely-deployed perimeter devices represent a reliable exploitation window, specifically because they fall below the threshold that triggers urgent response.
What AI-Assisted Triage Gets Wrong
According to a Palo Alto Networks spokesperson quoted by CyberScoop, the company's Unit 42 team discovered CVE-2026-0257 using frontier AI tools and disclosed it as medium severity. This illustrates something that isn't yet widely discussed about AI-assisted vulnerability analysis.
Static analysis of a vulnerability — examining the flaw in isolation, scoring exploitability and impact against standard criteria — is exactly the kind of structured task that AI tools perform well. But they can't reliably predict exploitation velocity in the wild: how quickly threat actors will identify and weaponize a disclosed vulnerability given its context, the installed base of the affected product, the availability of public proof-of-concept code, and the gap between disclosure and the median patch time for that category of device.
CVSS wasn't actually designed to capture those factors either. That's not a flaw in the framework so much as a fundamental limit of static scoring — it measures the vulnerability as a technical artifact, not as an event in an adversarial ecosystem. AI tools trained on historical scoring data will reproduce those same scoring conventions. A 7.8 CVSS score represents a high-severity vulnerability by most scales, and yet in this case, it still got treated as the low-priority end of the queue.
Organizations investing in AI-assisted triage need to ask whether those tools are helping them make better decisions, or whether they're automating the same prioritization assumptions that attackers have already learned to exploit.
The Perimeter Device Problem
There's an additional aspect to this specific case that generalizes. Network edge devices — firewalls, VPN gateways, load balancers — occupy a structurally distinct position in the attack surface. They're exposed to the internet by design. And they're frequently excluded from the same rapid patch processes applied to endpoint or server software because patching them requires downtime planning and change control windows. Also, they're protecting the boundary that, once bypassed, grants access to everything behind it.
An authentication bypass on a perimeter firewall is not the same risk as an authentication bypass in an internal application with equivalent CVSS scores. The asset criticality, exposure, and consequence of successful exploitation are categorically different. CVSS doesn't know this. A severity-only prioritization program doesn't distinguish between them.
What This Means for How Defenders Prioritize
The implication isn't "patch everything faster." That's not operationally realistic. The takeaway here is that severity-based prioritization needs a secondary filter that accounts for at least three factors CVSS doesn't capture: asset exposure (is this device internet-facing?), exploitation simplicity (does a public PoC exist, or is the attack path simple enough that one will appear quickly?), and asset criticality (what does successful exploitation actually unlock?).
A medium-severity auth bypass with a public PoC on an internet-facing perimeter device isn't a medium-priority patch. It's an emergency.
The Exploit Prediction Scoring System exists partly to address this, providing probability-weighted exploitation likelihood scores as a complement to CVSS severity. Threat intelligence feeds tracking exploitation in the wild provide another signal. Neither is a complete solution, but combining them with asset context gets significantly closer to a prioritization model that reflects actual attacker behavior rather than theoretical severity.
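Putting the three factors into an explicit rule makes the point concrete. The following is an added example, not code from the article and not tooling from Palo Alto Networks, Rapid7 or FIRST; the tier names and SLA windows, the one-tier-per-factor escalation, the 0.5 EPSS threshold and the sample findings are all assumptions. It starts from the severity-only baseline the article describes (critical in days, high in weeks, medium in the next cycle), then layers on the exposure, exploit-evidence and criticality signals listed above, and shows why an identical 4.7 score lands in different queues for an internet-facing perimeter VPN and an internal application, the contrast drawn in the perimeter section.

```python
"""Context-aware patch prioritization on top of a CVSS base score.

Added example, not code from the article, Palo Alto Networks, Rapid7 or FIRST.
Tier names, SLA windows, the EPSS threshold and the escalation rules are all
assumptions chosen to illustrate the three factors the base score cannot see:
asset exposure, exploitation simplicity and asset criticality.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# SLA tiers in increasing urgency. Windows are assumed: routine = next cycle,
# scheduled = weeks, urgent = days, emergency = hours.
TIERS = ["routine", "scheduled", "urgent", "emergency"]

# Assumption: an EPSS probability at or above this is treated like observed exploitation.
EPSS_HIGH = 0.5


@dataclass
class Finding:
    cve: str
    cvss_base: float
    internet_facing: bool      # exposure: reachable from the internet?
    perimeter_device: bool     # criticality: firewall, VPN gateway, load balancer?
    public_poc: bool           # simplicity proxy: public proof-of-concept available?
    in_kev: bool = False       # listed in CISA Known Exploited Vulnerabilities?
    epss: float = 0.0          # EPSS probability (0..1); 0.0 when unknown


def severity_band(score: float) -> str:
    """Map a CVSS v3/v4 base score to its qualitative band."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "none"


# Severity-only policy as the article describes it: critical in days,
# high in weeks, medium and below in the next cycle.
BASELINE = {"critical": "urgent", "high": "scheduled",
            "medium": "routine", "low": "routine", "none": "routine"}


def prioritize(f: Finding) -> Tuple[str, List[str]]:
    """Return (tier, reasons). Starts from the severity baseline, then applies context."""
    band = severity_band(f.cvss_base)
    tier = TIERS.index(BASELINE[band])
    reasons = [f"CVSS {f.cvss_base} ({band}): baseline {TIERS[tier]}"]

    # Observed or highly probable exploitation overrides the severity baseline outright.
    if f.in_kev or f.epss >= EPSS_HIGH:
        reasons.append("exploitation evidence (KEV listing or high EPSS): emergency")
        return "emergency", reasons

    # Each contextual factor the base score cannot see moves the finding up one tier.
    bumps = 0
    if f.internet_facing:
        bumps += 1
        reasons.append("internet-facing asset: +1 tier")
    if f.public_poc:
        bumps += 1
        reasons.append("public PoC available: +1 tier")
    if f.perimeter_device:
        bumps += 1
        reasons.append("perimeter device guarding the boundary: +1 tier")
    tier = min(tier + bumps, len(TIERS) - 1)
    reasons.append(f"final tier: {TIERS[tier]}")
    return TIERS[tier], reasons


def demo() -> Dict[str, str]:
    """Constructed findings around the article's case; returns label -> tier."""
    cases = {
        # Day of disclosure: medium score, VPN gateway on the internet, no PoC yet.
        "CVE-2026-0257 at disclosure": Finding("CVE-2026-0257", 4.7, True, True, False),
        # Same flaw once a public PoC exists (the article's 'emergency' case).
        "CVE-2026-0257 with public PoC": Finding("CVE-2026-0257", 4.7, True, True, True),
        # Same flaw after CISA adds it to KEV.
        "CVE-2026-0257 after KEV listing": Finding("CVE-2026-0257", 4.7, True, True, False, in_kev=True),
        # Hypothetical internal app with an identical 4.7 score (placeholder CVE id).
        "same score, internal app (hypothetical)": Finding("CVE-0000-PLACEHOLDER-A", 4.7, False, False, False),
        # Hypothetical critical-score bug on an isolated server: stays at its baseline (placeholder CVE id).
        "critical score, isolated server (hypothetical)": Finding("CVE-0000-PLACEHOLDER-B", 9.8, False, False, False),
    }
    return {label: prioritize(f)[0] for label, f in cases.items()}


if __name__ == "__main__":
    for label, tier in demo().items():
        print(f"{tier:<10} {label}")
```

Run it directly to print the tiers. The reasons list is the useful part in practice: it gives an auditable trail for why a medium-scored finding jumped the queue, which is exactly what a change-control board asks for when a perimeter patch is pulled forward out of its normal window. The KEV and EPSS inputs would come from the CISA catalog and the FIRST EPSS feed; here they are supplied by hand.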
Sources
Matt Kapko. "Attackers are exploiting Palo Alto Networks defect that initially flew under the radar," June 2026: cyberscoop.com
Rapid7 MDR. "Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)," May 2026: rapid7.com
Palo Alto Networks. "CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities," May 2026: security.paloaltonetworks.com
Picus Security. "Vulnerability Prioritization in 2026: Why CVSS Isn't Enough," April 2026: picussecurity.com
FIRST. "CVSS v4.0 User Guide," first.org
FIRST. "Exploit Prediction Scoring System (EPSS)," first.org