Skip to main content

Globalprotect App

4 CVEs product

Monthly

CVE-2026-0267 MEDIUM PATCH This Month

GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.

Information Disclosure Apple Paloalto Globalprotect App Globalprotect Uwp App
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-0249 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.

Apple Paloalto Microsoft Authentication Bypass Globalprotect App
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0250 MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple Buffer Overflow Paloalto +2
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-0251 MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple Microsoft Paloalto +2
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.

Information Disclosure Apple Paloalto +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.

Apple Paloalto Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple +4
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple +4
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy