{"api_version":"1","generated_at":"2026-06-22T22:52:29+00:00","cve":"CVE-2026-0267","urls":{"html":"https://cve.report/CVE-2026-0267","api":"https://cve.report/api/cve/CVE-2026-0267.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0267","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0267"},"summary":{"title":"GlobalProtect App: Information Exposure Vulnerability on macOS","description":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-06-10 22:16:53","updated_at":"2026-06-11 15:21:30"},"problem_types":["CWE-532","CWE-532 CWE-532 Insertion of Sensitive Information into Log File"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"4.4","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":4.4,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-8687","name":"https://security.paloaltonetworks.com/CVE-2024-8687","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.paloaltonetworks.com/CVE-2026-0267","name":"https://security.paloaltonetworks.com/CVE-2026-0267","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0267","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0267","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.3.0 6.3.3-h1 custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"affected 6.2.0 6.2.8-h2 custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect App","version":"unaffected All custom","platforms":["Windows","Linux","iOS","Android","Chrome OS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"GlobalProtect UWP App","version":"unaffected All custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-06-10T16:00:00.000Z","lang":"en","value":"Initial publication"}],"solutions":[{"source":"CNA","title":"","value":"VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3 Upgrade to 6.3.3-h1 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h1 Upgrade to 6.2.8-h2 or later.\nGlobalProtect App on Windows Not Applicable\nGlobalProtect App on Linux Not Applicable\nGlobalProtect App on iOS Not Applicable\nGlobalProtect App on Android Not Applicable\nGlobalProtect App on Chrome OS Not Applicable","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":\n * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks one of our customers for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"267","cve":"CVE-2026-0267","epss":"0.001100000","percentile":"0.015450000","score_date":"2026-06-17","updated_at":"2026-06-18 00:11:05"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0267","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-11T14:41:13.659641Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-11T14:41:21.436Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*"],"defaultStatus":"unaffected","platforms":["macOS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"6.3.3-h1","status":"unaffected"}],"lessThan":"6.3.3-h1","status":"affected","version":"6.3.0","versionType":"custom"},{"changes":[{"at":"6.2.8-h2","status":"unaffected"}],"lessThan":"6.2.8-h2","status":"affected","version":"6.2.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows","Linux","iOS","Android","Chrome OS"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"GlobalProtect UWP App","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:
"}],"value":"This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:\n\n * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Allow with Password"}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.3.3-h1","versionStartIncluding":"6.3.3","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*","versionEndExcluding":"6.2.8-h2","versionStartIncluding":"6.2.8","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Palo Alto Networks thanks one of our customers for discovering and reporting this issue."}],"datePublic":"2026-06-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so."}],"value":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-155","descriptions":[{"lang":"en","value":"CAPEC-155 Screen Temporary Files for Sensitive Information"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":4.4,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-532","description":"CWE-532 Insertion of Sensitive Information into Log File","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-10T20:31:37.320Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0267"},{"tags":["related"],"url":"https://security.paloaltonetworks.com/CVE-2024-8687"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"
VersionMinor Version RangeSuggested Solution
GlobalProtect App 6.3 on macOS6.3.0 through 6.3.3Upgrade to 6.3.3-h1 or later.
GlobalProtect App 6.2 on macOS6.2.0 through 6.2.8-h1Upgrade to 6.2.8-h2 or later.
GlobalProtect App on WindowsNot Applicable
GlobalProtect App on LinuxNot Applicable
GlobalProtect App on iOSNot Applicable
GlobalProtect App on AndroidNot Applicable
GlobalProtect App on Chrome OSNot Applicable
"}],"value":"VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3 Upgrade to 6.3.3-h1 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h1 Upgrade to 6.2.8-h2 or later.\nGlobalProtect App on Windows Not Applicable\nGlobalProtect App on Linux Not Applicable\nGlobalProtect App on iOS Not Applicable\nGlobalProtect App on Android Not Applicable\nGlobalProtect App on Chrome OS Not Applicable"}],"source":{"discovery":"USER"},"timeline":[{"lang":"en","time":"2026-06-10T16:00:00.000Z","value":"Initial publication"}],"title":"GlobalProtect App: Information Exposure Vulnerability on macOS","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":"}],"value":"On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":\n * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow"}],"x_affectedList":["GlobalProtect App 6.3.3","GlobalProtect App 6.3.2","GlobalProtect App 6.3.1","GlobalProtect App 6.3.0","GlobalProtect App 6.3","GlobalProtect App 6.2.8","GlobalProtect App 6.2.7","GlobalProtect App 6.2.6","GlobalProtect App 6.2.4","GlobalProtect App 6.2.3","GlobalProtect App 6.2.2","GlobalProtect App 6.2.1","GlobalProtect App 6.2.0","GlobalProtect App 6.2"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0267","datePublished":"2026-06-10T20:31:37.320Z","dateReserved":"2025-11-03T20:44:27.401Z","dateUpdated":"2026-06-11T14:41:21.436Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-10 22:16:53","lastModifiedDate":"2026-06-11 15:21:30","problem_types":["CWE-532","CWE-532 CWE-532 Insertion of Sensitive Information into Log File"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"267","Ordinal":"1","Title":"GlobalProtect App: Information Exposure Vulnerability on macOS","CVE":"CVE-2026-0267","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"267","Ordinal":"1","NoteData":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.","Type":"Description","Title":"GlobalProtect App: Information Exposure Vulnerability on macOS"}]}}}