Buffer Overflow Vulnerability in Palo Alto Networks GlobalProtect App
CVE-2026-0250

5.2MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App; Globalprotect UWP App
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0250?

A buffer overflow vulnerability has been identified in the Palo Alto Networks GlobalProtect application, allowing a man-in-the-middle attacker to disrupt system operations and potentially execute arbitrary code with elevated SYSTEM privileges. This issue arises when processing requests and responses exchanged between the Portal and Gateway components, making it crucial for users to apply necessary mitigations to enhance security.

Affected Version(s)

GlobalProtect App Android 6.1 < 6.1.13

GlobalProtect App Android 6.0 < 6.0.14

GlobalProtect App Linux 6.3.0 < 6.3.3-h2 (6.3.3-42)

References

https://security.paloaltonetworks.com/CVE-2026-0250

vendor-advisory

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

our internal security research teams

CVE-2026-0250 Data

JSON