CVE-2026-0250 - Vulnerability Details

- GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

Description

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.

The GlobalProtect app on iOS is not affected.

Published: 2026-05-13

Score: 5.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow in the GlobalProtect app occurs during the handling of requests and responses exchanged between the VPN Portal and Gateway. This flaw can be exploited by an attacker who places themselves as a man‑in‑the‑middle to corrupt memory, disrupt system processes, and potentially execute arbitrary code with SYSTEM privileges. The vulnerability does not depend on local privilege escalation, making it useful to attackers who can intercept VPN traffic.

Affected Systems

Palo Alto Networks GlobalProtect App is affected on Windows, macOS, Linux, Android, ChromeOS, and the UWP App on Windows. Affected versions span 6.0 through 6.3 on Windows, macOS, and Linux; 6.1 through 6.3 on Android and ChromeOS; and 6.3.3‑h9 or earlier on the UWP App. The iOS app is not impacted. The vendor recommends upgrading to the specified higher release for each platform (e.g., 6.3.3‑h9 or later on Windows, 6.3.3‑h2 or later on Linux).

Risk and Exploitability

The CVSS score of 5.2 reflects a moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a network‑based man‑in‑the‑middle that can inject or intercept packets between the client and the Portal/Gateway. Because the flaw can lead to SYSTEM‑privilege code execution, the potential impact is high if an attacker succeeds. The absence of a public workaround and the moderate exploitability emphasize the need to apply the vendor‑supplied patches promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`6.3.0`	affected	< 6.3.3-h9 (6.3.3-999)
`6.2.0`	affected	< 6.2.8-h10 (6.2.8-948)

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`6.1`	affected	< 6.1.13

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`6.3.0`	affected	< 6.3.3-h2 (6.3.3-42)
`6.0.0`	affected	< 6.0.11

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`6.0`	affected	< 6.0.13

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`6.0`	affected	< 6.0.14

Palo Alto Networks

GlobalProtect UWP App

unaffected

Version	Status	Constraints
`6.3`	affected	< 6.3.3-h10

Palo Alto Networks

GlobalProtect App

unaffected

Version	Status	Constraints
`All`	unaffected	—

No data.

Vendor Product Confidence Versions

Palo Alto Networks

Globalprotect App

96%

Version	Status	Scheme	Platform
`[6.3.0,6.3.3-h9)`	affected	semver	['windows', 'macos']
`[6.2.0,6.2.8-h10)`	affected	semver	['windows', 'macos']
`[6.1,6.1.13)`	affected	generic	['android', 'chrome_os']
`[6.3.0,6.3.3-h2)`	affected	semver	['linux']
`[6.0.0,6.0.11)`	affected	semver	['linux']
`[6.0,6.0.13)`	affected	generic	['windows', 'macos']
`[6.0,6.0.14)`	affected	generic	['android', 'chrome_os']
`[6.3,6.3.3-h10)`	affected	generic	['windows']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade GlobalProtect App to the latest supported version for the platform as listed by Palo Alto Networks (e.g., 6.3.3‑h9 or later on Windows, 6.3.3‑h2 or later on Linux, 6.3.3‑h9 or later on macOS, 6.1.13 or later on Android and ChromeOS, and 6.3.3‑h10 or later on UWP).
Enforce strict network segmentation and TLS inspection to reduce the window for a man‑in‑the‑middle attack.
Monitor VPN client traffic for anomalous request/response patterns that could indicate an exploitation attempt.

Generated by OpenCVE AI on May 13, 2026 at 19:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2026-0250

History

Thu, 14 May 2026 05:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description		A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.
Title		GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway
First Time appeared		Palo Alto Networks Palo Alto Networks globalprotect App Palo Alto Networks globalprotect Uwp App
Weaknesses		CWE-787
CPEs		cpe:2.3:a:palo_alto_networks:globalprotect_app:::android:::::* cpe:2.3:a:palo_alto_networks:globalprotect_app:::chrome_os:::::* cpe:2.3:a:palo_alto_networks:globalprotect_app:::linux:::::* cpe:2.3:a:palo_alto_networks:globalprotect_app:::macos:::::* cpe:2.3:a:palo_alto_networks:globalprotect_app:::windows:::::* cpe:2.3:a:palo_alto_networks:globalprotect_app:all::ios::::: cpe:2.3:a:palo_alto_networks:globalprotect_uwp_app:::windows:::::*
Vendors & Products		Palo Alto Networks Palo Alto Networks globalprotect App Palo Alto Networks globalprotect Uwp App
References		https://security.paloaltonetworks.com/CVE-2026-0250
Metrics		cvssV4_0 `{'score': 5.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}`

Subscriptions

Palo Alto Networks Globalprotect App Globalprotect Uwp App

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2026-05-13T18:26:51.927Z

Updated: 2026-05-14T03:56:37.034Z

Reserved: 2025-11-03T20:44:11.022Z

Link: CVE-2026-0250

Vulnrichment

Updated: 2026-05-13T18:43:20.539Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T19:16:59.260

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-0250

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:30:15Z

Weaknesses

CWE-787
Out-of-bounds Write

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object