CVE-2026-0267

Summary

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksGlobalProtect App6.3.0 < 6.3.3-h1affected
Palo Alto NetworksGlobalProtect App6.2.0 < 6.2.8-h2affected
Palo Alto NetworksGlobalProtect AppAllunaffected
Palo Alto NetworksGlobalProtect UWP AppAllunaffected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to "Disallow":

  • Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References