Local Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect App
CVE-2026-0251

5.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App; Global Protect App
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0251?

The Palo Alto Networks GlobalProtect app contains multiple local privilege escalation vulnerabilities that allow a local user to gain elevated privileges to NT AUTHORITY\SYSTEM on Windows systems and root on macOS and Linux platforms. This type of vulnerability could enable a non-administrative user to execute arbitrary commands with administrative privileges, potentially compromising the security and integrity of the system. Importantly, versions of the GlobalProtect app for iOS, Android, Chrome OS, and the GlobalProtect UWP app are not impacted.

Affected Version(s)

GlobalProtect App Linux 6.3.0 < 6.3.3-h2 (6.3.3-42)

GlobalProtect App Linux 6.0.0 < 6.0.11

GlobalProtect App macOS 6.3.0 < 6.3.3-h9 (6.3.3-999)

References

https://security.paloaltonetworks.com/CVE-2026-0251

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0251 Data

JSON