{"api_version":"1","generated_at":"2026-05-15T05:23:13+00:00","cve":"CVE-2026-0250","urls":{"html":"https://cve.report/CVE-2026-0250","api":"https://cve.report/api/cve/CVE-2026-0250.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0250","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0250"},"summary":{"title":"GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway","description":"A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-05-13 19:16:59","updated_at":"2026-05-14 16:21:23"},"problem_types":["CWE-787","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"5.2","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.2","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":5.2,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0250","name":"https://security.paloaltonetworks.com/CVE-2026-0250","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0250","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0250","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h9 (6.3.3-999) custom","platforms":["Windows","MacOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.2.0 6.2.8-h10 (6.2.8-948) custom","platforms":["Windows","MacOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.1 6.1.13 custom","platforms":["Android","Chrome OS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h2 (6.3.3-42) custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.11 custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0 6.0.13 custom","platforms":["Windows","MacOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0 6.0.14 custom","platforms":["Android","Chrome OS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect UWP App","version":"affected 6.3 6.3.3-h10 custom","platforms":["Windows"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"unaffected All custom","platforms":["iOS"]}],"timeline":[{"source":"CNA","time":"2026-05-13T16:00:00.000Z","lang":"en","value":"Initial Publication."}],"solutions":[{"source":"CNA","title":"","value":"VERSION                              MINOR VERSION            SUGGESTED SOLUTION\nGlobalProtect App 6.3 on Windows     6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on Windows     6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on Windows     6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.0 on Linux       6.0.0 through 6.0.10     Upgrade to 6.0.11 or later. \nGlobalProtect App 6.2/6.3 on Linux   6.2.0 through 6.3.3-h1   Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on ChromeOS    6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on ChromeOS    6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect UWP App                6.1.0 through 6.3.3-h9   Upgrade to 6.3.3-h10 or later.\nGlobalProtect App on iOS                                      No action needed","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"our internal security research teams","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"250","cve":"CVE-2026-0250","epss":"0.000060000","percentile":"0.003670000","score_date":"2026-05-14","updated_at":"2026-05-15 00:08:12"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0250","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-13T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-14T03:56:37.034Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","MacOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h9 (6.3.3-999)","status":"unaffected"}],"lessThan":"6.3.3-h9 (6.3.3-999)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.2.8-h10 (6.2.8-948)","status":"unaffected"}],"lessThan":"6.2.8-h10 (6.2.8-948)","status":"affected","version":"6.2.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android","Chrome OS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.1.13","status":"unaffected"}],"lessThan":"6.1.13","status":"affected","version":"6.1","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Linux"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h2 (6.3.3-42)","status":"unaffected"}],"lessThan":"6.3.3-h2 (6.3.3-42)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.0.11","status":"unaffected"}],"lessThan":"6.0.11","status":"affected","version":"6.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows","MacOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.0.13","status":"unaffected"}],"lessThan":"6.0.13","status":"affected","version":"6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android","Chrome OS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.0.14","status":"unaffected"}],"lessThan":"6.0.14","status":"affected","version":"6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"GlobalProtect UWP App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h10","status":"unaffected"}],"lessThan":"6.3.3-h10","status":"affected","version":"6.3","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["iOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No special configuration is required to be affected by this issue.</p>"}],"value":"No special configuration is required to be affected by this issue."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*","versionEndExcluding":"6.3.3-h9_6.3.3-999_","versionStartIncluding":"6.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*","versionEndExcluding":"6.3.3-h9_6.3.3-999_","versionStartIncluding":"6.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*","versionEndExcluding":"6.2.8-h10_6.2.8-948_","versionStartIncluding":"6.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*","versionEndExcluding":"6.2.8-h10_6.2.8-948_","versionStartIncluding":"6.2.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:android:*:*:*:*:*","versionEndExcluding":"6.1.13","versionStartIncluding":"6.1","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:chrome_os:*:*:*:*:*","versionEndExcluding":"6.1.13","versionStartIncluding":"6.1","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:linux:*:*:*:*:*","versionEndExcluding":"6.3.3-h2_6.3.3-42_","versionStartIncluding":"6.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:linux:*:*:*:*:*","versionEndExcluding":"6.0.11","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:windows:*:*:*:*:*","versionEndExcluding":"6.0.13","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:macos:*:*:*:*:*","versionEndExcluding":"6.0.13","versionStartIncluding":"6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:android:*:*:*:*:*","versionEndExcluding":"6.0.14","versionStartIncluding":"6.0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:chrome_os:*:*:*:*:*","versionEndExcluding":"6.0.14","versionStartIncluding":"6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_uwp_app:*:*:windows:*:*:*:*:*","versionEndExcluding":"6.3.3-h10","versionStartIncluding":"6.3","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:all:*:ios:*:*:*:*:*","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"our internal security research teams"}],"datePublic":"2026-05-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.</p><p>The GlobalProtect app on iOS is not affected.</p>"}],"value":"A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-540","descriptions":[{"lang":"en","value":"CAPEC-540 Overread Buffers"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":5.2,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T18:26:51.927Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0250"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>6.3.0 through 6.3.3-h8</td><td>Upgrade to 6.3.3-h9 (6.3.3-999) or later.</td></tr><tr><td>GlobalProtect App 6.2 on Windows</td><td>6.2.0 through 6.2.8-h9</td><td>Upgrade to 6.2.8-h10 (6.2.8-948) or later.</td></tr><tr><td>GlobalProtect App 6.0 on Windows</td><td>6.0.0 through 6.0.12</td><td>Upgrade to 6.0.13 or later.</td></tr><tr><td>GlobalProtect App 6.0 on Linux</td><td>6.0.0 through 6.0.10</td><td>Upgrade to 6.0.11 or later.&nbsp;</td></tr><tr><td>GlobalProtect App 6.2/6.3 on Linux</td><td>6.2.0 through 6.3.3-h1</td><td>Upgrade to 6.3.3-h2 (6.3.3-42) or later.</td></tr><tr><td>GlobalProtect App 6.3 on macOS</td><td>6.3.0 through 6.3.3-h8</td><td>Upgrade to 6.3.3-h9 (6.3.3-999) or later.</td></tr><tr><td>GlobalProtect App 6.2 on macOS</td><td>6.2.0 through 6.2.8-h9</td><td>Upgrade to 6.2.8-h10 (6.2.8-948) or later.</td></tr><tr><td>GlobalProtect App 6.0 on macOS</td><td>6.0.0 through 6.0.12</td><td>Upgrade to 6.0.13 or later.</td></tr><tr><td>GlobalProtect App 6.1 on Android</td><td>6.1.0 through 6.1.12</td><td>Upgrade to 6.1.13 or later.</td></tr><tr><td>GlobalProtect App 6.0 on Android</td><td>6.0.0 through 6.0.13</td><td>Upgrade to 6.0.14 or later.</td></tr><tr><td>GlobalProtect App 6.1 on ChromeOS</td><td>6.1.0 through 6.1.12</td><td>Upgrade to 6.1.13 or later.</td></tr><tr><td>GlobalProtect App 6.0 on ChromeOS</td><td>6.0.0 through 6.0.13</td><td>Upgrade to 6.0.14 or later.</td></tr><tr><td>GlobalProtect UWP App</td><td>6.1.0 through 6.3.3-h9</td><td>Upgrade to 6.3.3-h10 or later.</td></tr><tr><td>GlobalProtect App on iOS</td><td><br></td><td>No action needed</td></tr></tbody></table>"}],"value":"VERSION                              MINOR VERSION            SUGGESTED SOLUTION\nGlobalProtect App 6.3 on Windows     6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on Windows     6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on Windows     6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.0 on Linux       6.0.0 through 6.0.10     Upgrade to 6.0.11 or later. \nGlobalProtect App 6.2/6.3 on Linux   6.2.0 through 6.3.3-h1   Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on macOS       6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.2 on macOS       6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.0 on macOS       6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.1 on Android     6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on Android     6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect App 6.1 on ChromeOS    6.1.0 through 6.1.12     Upgrade to 6.1.13 or later.\nGlobalProtect App 6.0 on ChromeOS    6.0.0 through 6.0.13     Upgrade to 6.0.14 or later.\nGlobalProtect UWP App                6.1.0 through 6.3.3-h9   Upgrade to 6.3.3-h10 or later.\nGlobalProtect App on iOS                                      No action needed"}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-05-13T16:00:00.000Z","value":"Initial Publication."}],"title":"GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No known workarounds exist for this issue.</p>"}],"value":"No known workarounds exist for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0250","datePublished":"2026-05-13T18:26:51.927Z","dateReserved":"2025-11-03T20:44:11.022Z","dateUpdated":"2026-05-14T03:56:37.034Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:16:59","lastModifiedDate":"2026-05-14 16:21:23","problem_types":["CWE-787","CWE-787 CWE-787 Out-of-bounds Write"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"250","Ordinal":"1","Title":"GlobalProtect App: Buffer Overflow Vulnerability during connecti","CVE":"CVE-2026-0250","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"250","Ordinal":"1","NoteData":"A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected.","Type":"Description","Title":"GlobalProtect App: Buffer Overflow Vulnerability during connecti"}]}}}