GlobalProtect App: Information Exposure Vulnerability on macOS
CVE-2026-0267

4.4MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App; Globalprotect UWP App
Vendor: CVE Published:; 10 June 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0267?

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.

Affected Version(s)

GlobalProtect App macOS 6.3.0 < 6.3.3-h1

GlobalProtect App macOS 6.2.0 < 6.2.8-h2

GlobalProtect App Windows All

References

https://security.paloaltonetworks.com/CVE-2026-0267

vendor-advisory

https://security.paloaltonetworks.com/CVE-2024-8687

CVSS V4

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 10, 2026
Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks one of our customers for discovering and reporting this issue.

CVE-2026-0267 Data

JSON