Vulnerability-Lookup

WID-SEC-W-2026-1535

Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-05-14 22:00

Summary

Palo Alto Networks GlobalProtect App: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: GlobalProtect von PaloAlto ist eine Sicherheitsplattform.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Palo Alto Networks GlobalProtect App ausnutzen, um Administratorrechte zu erlangen, beliebigen Code mit Administratorrechten auszuführen, vertrauliche Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuführen.

Betroffene Betriebssysteme: - Android - Linux - MacOS X - Sonstiges - Windows

CVE-2026-0249

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Palo Alto Networks GlobalProtect App <6.3.3-h9 Palo Alto Networks / GlobalProtect		App <6.3.3-h9
Palo Alto Networks GlobalProtect App <6.3.3-h2 Palo Alto Networks / GlobalProtect		App <6.3.3-h2
Palo Alto Networks GlobalProtect App <6.0.11 Palo Alto Networks / GlobalProtect		App <6.0.11
Palo Alto Networks GlobalProtect App <6.0.13 Palo Alto Networks / GlobalProtect		App <6.0.13
Palo Alto Networks GlobalProtect App <6.0.14 Palo Alto Networks / GlobalProtect		App <6.0.14
Palo Alto Networks GlobalProtect App <6.1.13 Palo Alto Networks / GlobalProtect		App <6.1.13
Palo Alto Networks GlobalProtect App <6.2.8-h10 Palo Alto Networks / GlobalProtect		App <6.2.8-h10

CVE-2026-0250

Affected products

Known affected 8 products

Product	Identifier	Version	Remediation
Palo Alto Networks GlobalProtect App <6.3.3-h9 Palo Alto Networks / GlobalProtect		App <6.3.3-h9
Palo Alto Networks GlobalProtect App <6.3.3-h2 Palo Alto Networks / GlobalProtect		App <6.3.3-h2
Palo Alto Networks GlobalProtect App <6.0.11 Palo Alto Networks / GlobalProtect		App <6.0.11
Palo Alto Networks GlobalProtect App <6.3.3-h10 Palo Alto Networks / GlobalProtect		App <6.3.3-h10
Palo Alto Networks GlobalProtect App <6.0.13 Palo Alto Networks / GlobalProtect		App <6.0.13
Palo Alto Networks GlobalProtect App <6.0.14 Palo Alto Networks / GlobalProtect		App <6.0.14
Palo Alto Networks GlobalProtect App <6.1.13 Palo Alto Networks / GlobalProtect		App <6.1.13
Palo Alto Networks GlobalProtect App <6.2.8-h10 Palo Alto Networks / GlobalProtect		App <6.2.8-h10

CVE-2026-0251

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Palo Alto Networks GlobalProtect App <6.3.3-h9 Palo Alto Networks / GlobalProtect		App <6.3.3-h9
Palo Alto Networks GlobalProtect App <6.3.3-h2 Palo Alto Networks / GlobalProtect		App <6.3.3-h2
Palo Alto Networks GlobalProtect App <6.0.11 Palo Alto Networks / GlobalProtect		App <6.0.11
Palo Alto Networks GlobalProtect App <6.3.3-h10 Palo Alto Networks / GlobalProtect		App <6.3.3-h10
Palo Alto Networks GlobalProtect App <6.0.13 Palo Alto Networks / GlobalProtect		App <6.0.13
Palo Alto Networks GlobalProtect App <6.2.8-h10 Palo Alto Networks / GlobalProtect		App <6.2.8-h10

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://security.paloaltonetworks.com/CVE-2026-0249	external
https://security.paloaltonetworks.com/CVE-2026-0250	external
https://security.paloaltonetworks.com/CVE-2026-0251	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GlobalProtect von PaloAlto ist eine Sicherheitsplattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Palo Alto Networks GlobalProtect App ausnutzen, um Administratorrechte zu erlangen, beliebigen Code mit Administratorrechten auszuf\u00fchren, vertrauliche Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- Linux\n- MacOS X\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1535 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1535.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1535 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1535"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisory vom 2026-05-13",
        "url": "https://security.paloaltonetworks.com/CVE-2026-0249"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisory vom 2026-05-13",
        "url": "https://security.paloaltonetworks.com/CVE-2026-0250"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisory vom 2026-05-13",
        "url": "https://security.paloaltonetworks.com/CVE-2026-0251"
      }
    ],
    "source_lang": "en-US",
    "title": "Palo Alto Networks GlobalProtect App: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-14T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-15T09:59:23.721+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1535",
      "initial_release_date": "2026-05-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "App \u003c6.3.3-h10",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.3.3-h10",
                  "product_id": "T041834"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.3.3-h10",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.3.3-h10",
                  "product_id": "T041834-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.0.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.3.3-h2",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.3.3-h2",
                  "product_id": "T046205"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.3.3-h2",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.3.3-h2",
                  "product_id": "T046205-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:windows__6.3.3-h2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.3.3-h9",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.3.3-h9",
                  "product_id": "T054145"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.3.3-h9",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.3.3-h9",
                  "product_id": "T054145-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.3.3-h9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.2.8-h10",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.2.8-h10",
                  "product_id": "T054146"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.2.8-h10",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.2.8-h10",
                  "product_id": "T054146-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.2.8-h10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.1.13",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.1.13",
                  "product_id": "T054147"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.1.13",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.1.13",
                  "product_id": "T054147-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.1.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.0.14",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.0.14",
                  "product_id": "T054148"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.0.14",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.0.14",
                  "product_id": "T054148-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.0.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.0.13",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.0.13",
                  "product_id": "T054149"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.0.13",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.0.13",
                  "product_id": "T054149-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.0.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "App \u003c6.0.11",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App \u003c6.0.11",
                  "product_id": "T054150"
                }
              },
              {
                "category": "product_version",
                "name": "App 6.0.11",
                "product": {
                  "name": "Palo Alto Networks GlobalProtect App 6.0.11",
                  "product_id": "T054150-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:app__6.0.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GlobalProtect"
          }
        ],
        "category": "vendor",
        "name": "Palo Alto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0249",
      "product_status": {
        "known_affected": [
          "T054145",
          "T046205",
          "T054150",
          "T054149",
          "T054148",
          "T054147",
          "T054146"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-0249"
    },
    {
      "cve": "CVE-2026-0250",
      "product_status": {
        "known_affected": [
          "T054145",
          "T046205",
          "T054150",
          "T041834",
          "T054149",
          "T054148",
          "T054147",
          "T054146"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-0250"
    },
    {
      "cve": "CVE-2026-0251",
      "product_status": {
        "known_affected": [
          "T054145",
          "T046205",
          "T054150",
          "T041834",
          "T054149",
          "T054146"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-0251"
    }
  ]
}

CVE-2026-0249 (GCVE-0-2026-0249)

Vulnerability from cvelistv5 – Published: 2026-05-13 18:32 – Updated: 2026-05-15 09:57

Title

GlobalProtect App: Certificate Validation Bypass Vulnerabilities

Summary

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.

Severity

4.9 (Medium)


                        
                          CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

palo_alto

References

1 reference

URL	Tags
https://security.paloaltonetworks.com/CVE-2026-0249	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.1.0 , < 6.1.13 (custom) Affected: 6.0.0 , < 6.0.14 (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.0.0 , < 6.0.13 (custom)
Palo Alto Networks	GlobalProtect App	Unaffected: All (custom)

Date Public

2026-05-13 16:00

Credits

Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T03:56:08.016080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T09:57:30.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "ChromeOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.1.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.13",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "iOS",
            "Windows UWP"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe issue is applicable to the GlobalProtect app on macOS only if SAML authentication with an \u003ca href=\"https://docs.paloaltonetworks.com/globalprotect/administration/globalprotect-user-authentication/set-up-external-authentication/set-up-saml-authentication/enable-default-browser-for-saml-authentication-using-client-authentication-settings\"\u003eembedded browser is enabled\u003c/a\u003e. No special configuration is required for the GlobalProtect app on Android/Chrome OS to be affected by this issue.\u003c/p\u003e"
            }
          ],
          "value": "The issue is applicable to the GlobalProtect app on macOS only if SAML authentication with an embedded browser is enabled (https://docs.paloaltonetworks.com/globalprotect/administration/globalprotect-user-authentication/set-up-external-authentication/set-up-saml-authentication/enable-default-browser-for-saml-authentication-using-client-authentication-settings). No special configuration is required for the GlobalProtect app on Android/Chrome OS to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.3.3-h9_(6.3.3-999)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.2.8-h10_(6.2.8-948)",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:*",
                  "versionEndExcluding": "6.0.14",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:*",
                  "versionEndExcluding": "6.0.14",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "value": "Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue."
        }
      ],
      "datePublic": "2026-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.\u003cbr\u003e\u003cbr\u003eThe GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.\u003c/p\u003e"
            }
          ],
          "value": "Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.\n\nThe GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T18:32:12.091Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0249"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Android\u003c/td\u003e\u003ctd\u003e6.1.0 through 6.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Android\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.13\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Chrome OS\u003c/td\u003e\u003ctd\u003e6.1.0 through 6.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Chrome OS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.13\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on macOS\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on macOS\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on macOS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Windows\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Linux\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on UWP\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version                              Minor Version            Suggested Solution\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on Chrome OS   6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Chrome OS   6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App on Windows                                  No action needed.\nGlobalProtect App on Linux                                    No action needed.\nGlobalProtect App on iOS                                      No action needed.\nGlobalProtect App on UWP                                      No action needed."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-13T16:00:00.000Z",
          "value": "Initial publication."
        }
      ],
      "title": "GlobalProtect App: Certificate Validation Bypass Vulnerabilities",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0249",
    "datePublished": "2026-05-13T18:32:12.091Z",
    "dateReserved": "2025-11-03T20:44:09.928Z",
    "dateUpdated": "2026-05-15T09:57:30.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0250 (GCVE-0-2026-0250)

Vulnerability from cvelistv5 – Published: 2026-05-13 18:26 – Updated: 2026-05-14 03:56

Title

GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

Summary

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

Severity

5.2 (Medium)


                        
                          CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write

Assigner

palo_alto

References

1 reference

URL	Tags
https://security.paloaltonetworks.com/CVE-2026-0250	vendor-advisory

Impacted products

7 products

Vendor	Product	Version
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.1 , < 6.1.13 (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h2 (6.3.3-42) (custom) Affected: 6.0.0 , < 6.0.11 (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.0 , < 6.0.13 (custom)
Palo Alto Networks	GlobalProtect App	Affected: 6.0 , < 6.0.14 (custom)
Palo Alto Networks	GlobalProtect UWP App	Affected: 6.3 , < 6.3.3-h10 (custom)
Palo Alto Networks	GlobalProtect App	Unaffected: All (custom)

Date Public

2026-05-13 16:00

Credits

our internal security research teams

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:37.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "Chrome OS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.1.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.13",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h2 (6.3.3-42)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h2 (6.3.3-42)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "Chrome OS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.14",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect UWP App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h10",
              "status": "affected",
              "version": "6.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "iOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3-h9_6.3.3-999_",
                  "versionStartIncluding": "6.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3-h9_6.3.3-999_",
                  "versionStartIncluding": "6.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "6.2.8-h10_6.2.8-948_",
                  "versionStartIncluding": "6.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*",
                  "versionEndExcluding": "6.2.8-h10_6.2.8-948_",
                  "versionStartIncluding": "6.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:android:*:*:*:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:chrome_os:*:*:*:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:linux:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3-h2_6.3.3-42_",
                  "versionStartIncluding": "6.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:linux:*:*:*:*:*",
                  "versionEndExcluding": "6.0.11",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:android:*:*:*:*:*",
                  "versionEndExcluding": "6.0.14",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:chrome_os:*:*:*:*:*",
                  "versionEndExcluding": "6.0.14",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_uwp_app:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3-h10",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:all:*:ios:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "value": "our internal security research teams"
        }
      ],
      "datePublic": "2026-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect\u2122 app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\u003c/p\u003e\u003cp\u003eThe GlobalProtect app on iOS is not affected.\u003c/p\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect\u2122 app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T18:26:51.927Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0250"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Linux\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.10\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.11 or later.\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2/6.3 on Linux\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.3.3-h1\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h2 (6.3.3-42) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on macOS\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on macOS\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on macOS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Android\u003c/td\u003e\u003ctd\u003e6.1.0 through 6.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Android\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.13\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on ChromeOS\u003c/td\u003e\u003ctd\u003e6.1.0 through 6.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on ChromeOS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.13\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect UWP App\u003c/td\u003e\u003ctd\u003e6.1.0 through 6.3.3-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h10 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "VERSION                              MINOR VERSION            SUGGESTED SOLUTION\nGlobalProtect App 6.3 on Windows     6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on Windows     6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on Windows     6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.0 on Linux       6.0.0 through 6.0.10     Upgrade to 6.0.11 or later. \nGlobalProtect App 6.2/6.3 on Linux   6.2.0 through 6.3.3-h1   Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on ChromeOS    6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on ChromeOS    6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect UWP App                6.1.0 through 6.3.3-h9   Upgrade to 6.3.3-h10 or later.\nGlobalProtect App on iOS                                      No action needed"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-13T16:00:00.000Z",
          "value": "Initial Publication."
        }
      ],
      "title": "GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0250",
    "datePublished": "2026-05-13T18:26:51.927Z",
    "dateReserved": "2025-11-03T20:44:11.022Z",
    "dateUpdated": "2026-05-14T03:56:37.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0251 (GCVE-0-2026-0251)

Vulnerability from cvelistv5 – Published: 2026-05-13 18:20 – Updated: 2026-05-14 03:56

Title

GlobalProtect App: Local Privilege Escalation Vulnerabilities

Summary

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity

5.9 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-426 - Untrusted Search Path

Assigner

palo_alto

References

1 reference

URL	Tags
https://security.paloaltonetworks.com/CVE-2026-0251	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom) Affected: 6.0.0 , < 6.0.13 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::Windows::
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom) Affected: 6.0.0 , < 6.0.13 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::macOS::
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h2 (6.3.3-42) (custom) Affected: 6.0.0 , < 6.0.11 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::Linux::
Palo Alto Networks	Global Protect App	Unaffected: All (custom)

Date Public

2026-05-13 16:00

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:34.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:macOS:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h2 (6.3.3-42)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h2 (6.3.3-42)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "ChromeOS",
            "iOS",
            "UWP"
          ],
          "product": "Global Protect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.3.3-h9_(6.3.3-999)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.2.8-h10_(6.2.8-948)",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.3.3-h9_(6.3.3-999)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.2.8-h10_(6.2.8-948)",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*",
                  "versionEndExcluding": "6.3.3-h2_(6.3.3-42)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*",
                  "versionEndExcluding": "6.0.11",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
        }
      ],
      "datePublic": "2026-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\u003cbr\u003e\u003cbr\u003eThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.\u003c/p\u003e"
            }
          ],
          "value": "Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\n\nThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T18:20:01.156Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0251"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on macOS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on macOS\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on macOS\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Linux\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.10\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.11 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Linux\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h2 (6.3.3-42) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Linux\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h1\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h2 (6.3.3-42) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Chrome OS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on UWP\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "VERSION                            MINOR VERSION            SUGGESTED SOLUTION\nGlobalProtect App 6.0 on Windows   6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on Windows   6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on Windows   6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on macOS     6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on macOS     6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on macOS     6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on Linux     6.0.0 through 6.0.10     Upgrade to 6.0.11 or later\nGlobalProtect App 6.2 on Linux     6.2.0 through 6.2.9      Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on Linux     6.3.0 through 6.3.3-h1   Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App on Android                                No action needed.\nGlobalProtect App on Chrome OS                              No action needed.\nGlobalProtect App on iOS                                    No action needed.\nGlobalProtect App on UWP                                    No action needed."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-13T16:00:00.000Z",
          "value": "Initial publication."
        }
      ],
      "title": "GlobalProtect App: Local Privilege Escalation Vulnerabilities",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "GlobalProtect App 6.0.12",
        "GlobalProtect App 6.0.11",
        "GlobalProtect App 6.0.10",
        "GlobalProtect App 6.0.8",
        "GlobalProtect App 6.0.7",
        "GlobalProtect App 6.0.6",
        "GlobalProtect App 6.0.5",
        "GlobalProtect App 6.0.4",
        "GlobalProtect App 6.0.3",
        "GlobalProtect App 6.0.2",
        "GlobalProtect App 6.0.1",
        "GlobalProtect App 6.0.0",
        "GlobalProtect App 6.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0251",
    "datePublished": "2026-05-13T18:20:01.156Z",
    "dateReserved": "2025-11-03T20:44:11.930Z",
    "dateUpdated": "2026-05-14T03:56:34.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1535

CVE-2026-0249 (GCVE-0-2026-0249)

CVE-2026-0250 (GCVE-0-2026-0250)

CVE-2026-0251 (GCVE-0-2026-0251)

Tags

Sightings

Nomenclature