GlobalProtect App: Information Exposure Vulnerability on macOS
Summary
| CVE | CVE-2026-0267 |
|---|---|
| State | PUBLISHED |
| Assigner | palo_alto |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-10 22:16:53 UTC |
| Updated | 2026-06-11 15:21:30 UTC |
| Description | An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so. |
Risk And Classification
Primary CVSS: v4.0 4.4 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
EPSS: 0.001100000 probability, percentile 0.015450000 (date 2026-06-17)
Problem Types: CWE-532 | CWE-532 CWE-532 Insertion of Sensitive Information into Log File
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 4.4 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/C... |
| 4.0 | CNA | CVSS | 4.4 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/A... |
CVSS v4.0 Breakdown
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Palo Alto Networks | GlobalProtect App | affected 6.3.0 6.3.3-h1 custom | macOS |
| CNA | Palo Alto Networks | GlobalProtect App | affected 6.2.0 6.2.8-h2 custom | macOS |
| CNA | Palo Alto Networks | GlobalProtect App | unaffected All custom | Windows, Linux, iOS, Android, Chrome OS |
| CNA | Palo Alto Networks | GlobalProtect UWP App | unaffected All custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.paloaltonetworks.com/CVE-2024-8687 | [email protected] | security.paloaltonetworks.com | |
| security.paloaltonetworks.com/CVE-2026-0267 | [email protected] | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Palo Alto Networks thanks one of our customers for discovering and reporting this issue. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-06-10T16:00:00.000Z | Initial publication |
Solutions
CNA: VERSION MINOR VERSION RANGE SUGGESTED SOLUTION GlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3 Upgrade to 6.3.3-h1 or later. GlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h1 Upgrade to 6.2.8-h2 or later. GlobalProtect App on Windows Not Applicable GlobalProtect App on Linux Not Applicable GlobalProtect App on iOS Not Applicable GlobalProtect App on Android Not Applicable GlobalProtect App on Chrome OS Not Applicable
Workarounds
CNA: On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to "Disallow": * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow
Exploits
CNA: Palo Alto Networks is not aware of any malicious exploitation of this issue.