Information Exposure in Palo Alto Networks GlobalProtect on macOS
CVE-2026-0267
4.4MEDIUM
What is CVE-2026-0267?
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect application on macOS. This flaw allows a local user to discover configured passcodes that are intended to secure the functionalities of the app, such as disabling, disconnecting, or uninstalling it. By obtaining these passcodes, the local user can circumvent normal restrictions within the GlobalProtect app configuration, gaining unauthorized control over the application features.
Affected Version(s)
GlobalProtect App macOS 6.3.0 < 6.3.3-h1
GlobalProtect App macOS 6.2.0 < 6.2.8-h2
GlobalProtect App Windows All
References
CVSS V4
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks one of our customers for discovering and reporting this issue.