{"api_version":"1","generated_at":"2026-05-15T03:05:21+00:00","cve":"CVE-2026-0249","urls":{"html":"https://cve.report/CVE-2026-0249","api":"https://cve.report/api/cve/CVE-2026-0249.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0249","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0249"},"summary":{"title":"GlobalProtect App: Certificate Validation Bypass Vulnerabilities","description":"Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.\n\nThe GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-05-13 19:16:59","updated_at":"2026-05-14 16:21:23"},"problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"4.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"4.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":4.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0249","name":"https://security.paloaltonetworks.com/CVE-2026-0249","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0249","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0249","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h9 (6.3.3-999) custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.2.0 6.2.8-h10 (6.2.8-948) custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.1.0 6.1.13 custom","platforms":["Android","ChromeOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.14 custom","platforms":["Android","ChromeOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.13 custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"unaffected All custom","platforms":["Windows","Linux","iOS","Windows UWP"]}],"timeline":[{"source":"CNA","time":"2026-05-13T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"Version                              Minor Version            Suggested Solution\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on Chrome OS   6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Chrome OS   6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App on Windows                                  No action needed.\nGlobalProtect App on Linux                                    No action needed.\nGlobalProtect App on iOS                                      No action needed.\nGlobalProtect App on UWP                                      No action needed.","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of these issues.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"249","cve":"CVE-2026-0249","epss":"0.000040000","percentile":"0.001590000","score_date":"2026-05-14","updated_at":"2026-05-15 00:08:12"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0249","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-13T19:22:54.193454Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-13T19:31:30.865Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["macOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h9 (6.3.3-999)","status":"unaffected"}],"lessThan":"6.3.3-h9 (6.3.3-999)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.2.8-h10 (6.2.8-948)","status":"unaffected"}],"lessThan":"6.2.8-h10 (6.2.8-948)","status":"affected","version":"6.2.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android","ChromeOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.1.13","status":"unaffected"}],"lessThan":"6.1.13","status":"affected","version":"6.1.0","versionType":"custom"},{"changes":[{"at":"6.0.14","status":"unaffected"}],"lessThan":"6.0.14","status":"affected","version":"6.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["macOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.0.13","status":"unaffected"}],"lessThan":"6.0.13","status":"affected","version":"6.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows","Linux","iOS","Windows UWP"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The issue is applicable to the GlobalProtect app on macOS only if SAML authentication with an <a href=\"https://docs.paloaltonetworks.com/globalprotect/administration/globalprotect-user-authentication/set-up-external-authentication/set-up-saml-authentication/enable-default-browser-for-saml-authentication-using-client-authentication-settings\">embedded browser is enabled</a>. No special configuration is required for the GlobalProtect app on Android/Chrome OS to be affected by this issue.</p>"}],"value":"The issue is applicable to the GlobalProtect app on macOS only if SAML authentication with an embedded browser is enabled (https://docs.paloaltonetworks.com/globalprotect/administration/globalprotect-user-authentication/set-up-external-authentication/set-up-saml-authentication/enable-default-browser-for-saml-authentication-using-client-authentication-settings). No special configuration is required for the GlobalProtect app on Android/Chrome OS to be affected by this issue."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.3.3-h9_(6.3.3-999)","versionStartIncluding":"6.3.3","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.2.8-h10_(6.2.8-948)","versionStartIncluding":"6.2.8","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:*","versionEndExcluding":"6.1.13","versionStartIncluding":"6.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:*","versionEndExcluding":"6.1.13","versionStartIncluding":"6.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:*","versionEndExcluding":"6.0.14","versionStartIncluding":"6.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:*","versionEndExcluding":"6.0.14","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.0.13","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue."}],"datePublic":"2026-05-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.<br><br>The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.</p>"}],"value":"Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.\n\nThe GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Palo Alto Networks is not aware of any malicious exploitation of these issues.</p>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of these issues."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Adversary in the Middle (AiTM)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":4.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T18:32:12.091Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0249"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>GlobalProtect App 6.1 on Android</td><td>6.1.0 through 6.1.12</td><td>Upgrade to 6.1.13 or later.</td></tr><tr><td>GlobalProtect App 6.0 on Android</td><td>6.0.0 through 6.0.13</td><td>Upgrade to 6.0.14 or later.</td></tr><tr><td>GlobalProtect App 6.1 on Chrome OS</td><td>6.1.0 through 6.1.12</td><td>Upgrade to 6.1.13 or later.</td></tr><tr><td>GlobalProtect App 6.0 on Chrome OS</td><td>6.0.0 through 6.0.13</td><td>Upgrade to 6.0.14 or later.</td></tr><tr><td>GlobalProtect App 6.3 on macOS</td><td>6.3.0 through 6.3.3-h8</td><td>Upgrade to 6.3.3-h9 (6.3.3-999) or later.</td></tr><tr><td>GlobalProtect App 6.2 on macOS</td><td>6.2.0 through 6.2.8-h9</td><td>Upgrade to 6.2.8-h10 (6.2.8-948) or later.</td></tr><tr><td>GlobalProtect App 6.0 on macOS</td><td>6.0.0 through 6.0.12</td><td>Upgrade to 6.0.13 or later.</td></tr><tr><td>GlobalProtect App on Windows</td><td><br></td><td>No action needed.</td></tr><tr><td>GlobalProtect App on Linux</td><td><br></td><td>No action needed.</td></tr><tr><td>GlobalProtect App on iOS</td><td><br></td><td>No action needed.</td></tr><tr><td>GlobalProtect App on UWP</td><td><br></td><td>No action needed.</td></tr></tbody></table>"}],"value":"Version                              Minor Version            Suggested Solution\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on Chrome OS   6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Chrome OS   6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App on Windows                                  No action needed.\nGlobalProtect App on Linux                                    No action needed.\nGlobalProtect App on iOS                                      No action needed.\nGlobalProtect App on UWP                                      No action needed."}],"source":{"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2026-05-13T16:00:00.000Z","value":"Initial publication."}],"title":"GlobalProtect App: Certificate Validation Bypass Vulnerabilities","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No known workarounds exist for this issue.</p>"}],"value":"No known workarounds exist for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0249","datePublished":"2026-05-13T18:32:12.091Z","dateReserved":"2025-11-03T20:44:09.928Z","dateUpdated":"2026-05-13T19:31:30.865Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:16:59","lastModifiedDate":"2026-05-14 16:21:23","problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"249","Ordinal":"1","Title":"GlobalProtect App: Certificate Validation Bypass Vulnerabilities","CVE":"CVE-2026-0249","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"249","Ordinal":"1","NoteData":"Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.\n\nThe GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.","Type":"Description","Title":"GlobalProtect App: Certificate Validation Bypass Vulnerabilities"}]}}}