Information Exposure in Palo Alto Networks GlobalProtect on macOS
CVE-2026-0267

4.4MEDIUM

Key Information:

Vendor
CVE Published:
10 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-0267?

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect application on macOS. This flaw allows a local user to discover configured passcodes that are intended to secure the functionalities of the app, such as disabling, disconnecting, or uninstalling it. By obtaining these passcodes, the local user can circumvent normal restrictions within the GlobalProtect app configuration, gaining unauthorized control over the application features.

Affected Version(s)

GlobalProtect App macOS 6.3.0 < 6.3.3-h1

GlobalProtect App macOS 6.2.0 < 6.2.8-h2

GlobalProtect App Windows All

References

CVSS V4

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks one of our customers for discovering and reporting this issue.
.