Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
It has been a brutal week for authentication security. Critical bypasses in Cisco, GitHub Enterprise, and Palo Alto Networks have proven that the lock itself is broken.
Attackers do not need your password or your MFA code to exploit any of these. In Cisco’s case, hardcoded credentials were left in the code. For GitHub, a logic error in its SAML implementation lets anyone forge an admin login. Palo Alto’s GlobalProtect VPN has a hole that lets unauthenticated users walk right past the gate.
These are not minor software bugs. They are failures in the systems we trust to enforce identity. When the authentication layer collapses, every downstream control goes with it.
If you run any of these tools, patch them right now. CISA has already added the Cisco flaw to its list of actively exploited vulnerabilities. The gatekeepers are failing. Don’t let your network be next.