CVE-2026-0249
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app allow an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative OS user or an attacker on the same subnet can redirect traffic to an unauthorized server and facilitate malicious software installation. The GlobalProtect app on Linux, Windows, iOS, and GlobalProtect UWP are not affected.
Risk Assessment
The risk includes interception of sensitive data transmitted over encrypted connections and installation of malicious software on endpoints, potentially leading to data integrity and confidentiality breaches within the organization.
Recommendation
Immediately update the Palo Alto Networks GlobalProtect app to the latest patched version and implement network traffic monitoring to detect redirection attempts.
Original NVD description (English source)
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.

