CVE-2026-0267
4.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber
Summary
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | 6.3.0 < 6.3.3-h1 | affected |
| Palo Alto Networks | GlobalProtect App | 6.2.0 < 6.2.8-h2 | affected |
| Palo Alto Networks | GlobalProtect App | All | unaffected |
| Palo Alto Networks | GlobalProtect UWP App | All | unaffected |
Weaknesses
- CWE-532: CWE-532 Insertion of Sensitive Information into Log File
Workarounds
On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to "Disallow":
- Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://security.paloaltonetworks.com/CVE-2026-0267
- https://security.paloaltonetworks.com/CVE-2024-8687
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.