{"api_version":"1","generated_at":"2026-05-15T05:22:44+00:00","cve":"CVE-2026-0251","urls":{"html":"https://cve.report/CVE-2026-0251","api":"https://cve.report/api/cve/CVE-2026-0251.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0251","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0251"},"summary":{"title":"GlobalProtect App: Local Privilege Escalation Vulnerabilities","description":"Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\n\nThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-05-13 19:16:59","updated_at":"2026-05-14 16:21:23"},"problem_types":["CWE-426","CWE-426 CWE-426 Untrusted Search Path"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0251","name":"https://security.paloaltonetworks.com/CVE-2026-0251","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0251","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0251","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h9 (6.3.3-999) custom","platforms":["Windows"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.2.0 6.2.8-h10 (6.2.8-948) custom","platforms":["Windows"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.13 custom","platforms":["Windows"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h9 (6.3.3-999) custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.2.0 6.2.8-h10 (6.2.8-948) custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.13 custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h2 (6.3.3-42) custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.0.0 6.0.11 custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Global Protect App","version":"unaffected All custom","platforms":["Android","ChromeOS","iOS","UWP"]}],"timeline":[{"source":"CNA","time":"2026-05-13T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"VERSION MINOR VERSION SUGGESTED SOLUTION\nGlobalProtect App 6.0 on Windows 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on Windows 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on macOS 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on Linux 6.0.0 through 6.0.10 Upgrade to 6.0.11 or later\nGlobalProtect App 6.2 on Linux 6.2.0 through 6.2.9 Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on Linux 6.3.0 through 6.3.3-h1 Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App on Android No action needed.\nGlobalProtect App on Chrome OS No action needed.\nGlobalProtect App on iOS No action needed.\nGlobalProtect App on UWP No action needed.","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of these issues.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"251","cve":"CVE-2026-0251","epss":"0.000060000","percentile":"0.003590000","score_date":"2026-05-14","updated_at":"2026-05-15 00:08:12"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0251","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-13T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-14T03:56:34.668Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*"],"defaultStatus":"unaffected","platforms":["Windows"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h9 (6.3.3-999)","status":"unaffected"}],"lessThan":"6.3.3-h9 (6.3.3-999)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.2.8-h10 (6.2.8-948)","status":"unaffected"}],"lessThan":"6.2.8-h10 (6.2.8-948)","status":"affected","version":"6.2.0","versionType":"custom"},{"changes":[{"at":"6.0.13","status":"unaffected"}],"lessThan":"6.0.13","status":"affected","version":"6.0.0","versionType":"custom"}]},{"cpes":["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:macOS:*:*"],"defaultStatus":"unaffected","platforms":["macOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h9 (6.3.3-999)","status":"unaffected"}],"lessThan":"6.3.3-h9 (6.3.3-999)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.2.8-h10 (6.2.8-948)","status":"unaffected"}],"lessThan":"6.2.8-h10 (6.2.8-948)","status":"affected","version":"6.2.0","versionType":"custom"},{"changes":[{"at":"6.0.13","status":"unaffected"}],"lessThan":"6.0.13","status":"affected","version":"6.0.0","versionType":"custom"}]},{"cpes":["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*"],"defaultStatus":"unaffected","platforms":["Linux"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h2 (6.3.3-42)","status":"unaffected"}],"lessThan":"6.3.3-h2 (6.3.3-42)","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.0.11","status":"unaffected"}],"lessThan":"6.0.11","status":"affected","version":"6.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android","ChromeOS","iOS","UWP"],"product":"Global Protect App","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"

No special configuration is required to be affected by this issue.

"}],"value":"No special configuration is required to be affected by this issue."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*","versionEndExcluding":"6.3.3-h9_(6.3.3-999)","versionStartIncluding":"6.3.3","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*","versionEndExcluding":"6.2.8-h10_(6.2.8-948)","versionStartIncluding":"6.2.8","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*","versionEndExcluding":"6.0.13","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.3.3-h9_(6.3.3-999)","versionStartIncluding":"6.3.3","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.2.8-h10_(6.2.8-948)","versionStartIncluding":"6.2.8","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.0.13","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*","versionEndExcluding":"6.3.3-h2_(6.3.3-42)","versionStartIncluding":"6.3.3","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*","versionEndExcluding":"6.0.11","versionStartIncluding":"6.0.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}],"datePublic":"2026-05-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.

The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

"}],"value":"Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\n\nThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Palo Alto Networks is not aware of any malicious exploitation of these issues.

"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of these issues."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T18:20:01.156Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0251"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"
VersionMinor VersionSuggested Solution
GlobalProtect App 6.0 on Windows6.0.0 through 6.0.12Upgrade to 6.0.13 or later.
GlobalProtect App 6.2 on Windows6.2.0 through 6.2.8-h9Upgrade to 6.2.8-h10 (6.2.8-948) or later.
GlobalProtect App 6.3 on Windows6.3.0 through 6.3.3-h8Upgrade to 6.3.3-h9 (6.3.3-999) or later.
GlobalProtect App 6.0 on macOS6.0.0 through 6.0.12Upgrade to 6.0.13 or later.
GlobalProtect App 6.2 on macOS6.2.0 through 6.2.8-h9Upgrade to 6.2.8-h10 (6.2.8-948) or later.
GlobalProtect App 6.3 on macOS6.3.0 through 6.3.3-h8Upgrade to 6.3.3-h9 (6.3.3-999) or later.
GlobalProtect App 6.0 on Linux6.0.0 through 6.0.10Upgrade to 6.0.11 or later
GlobalProtect App 6.2 on Linux6.2.0 through 6.2.9Upgrade to 6.3.3-h2 (6.3.3-42) or later.
GlobalProtect App 6.3 on Linux6.3.0 through 6.3.3-h1Upgrade to 6.3.3-h2 (6.3.3-42) or later.
GlobalProtect App on Android
No action needed.
GlobalProtect App on Chrome OS
No action needed.
GlobalProtect App on iOS
No action needed.
GlobalProtect App on UWP
No action needed.
"}],"value":"VERSION MINOR VERSION SUGGESTED SOLUTION\nGlobalProtect App 6.0 on Windows 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on Windows 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on macOS 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on Linux 6.0.0 through 6.0.10 Upgrade to 6.0.11 or later\nGlobalProtect App 6.2 on Linux 6.2.0 through 6.2.9 Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on Linux 6.3.0 through 6.3.3-h1 Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App on Android No action needed.\nGlobalProtect App on Chrome OS No action needed.\nGlobalProtect App on iOS No action needed.\nGlobalProtect App on UWP No action needed."}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-05-13T16:00:00.000Z","value":"Initial publication."}],"title":"GlobalProtect App: Local Privilege Escalation Vulnerabilities","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"

No known workarounds exist for this issue.

"}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["GlobalProtect App 6.0.12","GlobalProtect App 6.0.11","GlobalProtect App 6.0.10","GlobalProtect App 6.0.8","GlobalProtect App 6.0.7","GlobalProtect App 6.0.6","GlobalProtect App 6.0.5","GlobalProtect App 6.0.4","GlobalProtect App 6.0.3","GlobalProtect App 6.0.2","GlobalProtect App 6.0.1","GlobalProtect App 6.0.0","GlobalProtect App 6.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0251","datePublished":"2026-05-13T18:20:01.156Z","dateReserved":"2025-11-03T20:44:11.930Z","dateUpdated":"2026-05-14T03:56:34.668Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:16:59","lastModifiedDate":"2026-05-14 16:21:23","problem_types":["CWE-426","CWE-426 CWE-426 Untrusted Search Path"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"251","Ordinal":"1","Title":"GlobalProtect App: Local Privilege Escalation Vulnerabilities","CVE":"CVE-2026-0251","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"251","Ordinal":"1","NoteData":"Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\n\nThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.","Type":"Description","Title":"GlobalProtect App: Local Privilege Escalation Vulnerabilities"}]}}}