CVE Catalog

CVE-2026-0267

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS allows a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the app. Once the passcode is known, the user can perform these actions even if the GlobalProtect configuration would not normally permit them.

Risk Assessment

The risk is that a local user can bypass administrative controls and disable GlobalProtect protection, potentially leading to a breach of organizational security policies and increased vulnerability to attacks.

Recommendation

It is recommended to immediately apply patches provided by Palo Alto Networks and restrict local access to macOS systems running GlobalProtect.

Original NVD description (English source)

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS