CVE-2026-0267
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS allows a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the app. Once the passcode is known, the user can perform these actions even if the GlobalProtect configuration would not normally permit them.
Risk Assessment
The risk is that a local user can bypass administrative controls and disable GlobalProtect protection, potentially leading to a breach of organizational security policies and increased vulnerability to attacks.
Recommendation
It is recommended to immediately apply patches provided by Palo Alto Networks and restrict local access to macOS systems running GlobalProtect.
Original NVD description (English source)
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.

