Description
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Published: 2026-06-10
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a local user on macOS to read the passcodes configured to disable, disconnect, or uninstall the GlobalProtect app. With the passcode in hand the user can perform those actions even though the app configuration would normally forbid them, effectively bypassing intended access controls. This results in elevated authority over the VPN client and the potential to disrupt or tamper with network connectivity.

Affected Systems

Palo Alto Networks GlobalProtect App on macOS versions 6.2.0 through 6.2.8-h1 and 6.3.0 through 6.3.3. The issue is specific to the macOS implementation; other platform versions are not affected.

Risk and Exploitability

The CVSS score is 4.4, rated Medium. No EPSS score is available, and the absence of a KEV entry suggests that exploitation is not currently widespread or known. The attack vector is local (AV:L in the CVSS vector); a user must have file system access on the macOS host to obtain the passcode. Once the passcode is obtained, the user can bypass configuration restrictions, but no remote exploitation capability is disclosed.

Generated by OpenCVE AI on June 10, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GlobalProtect App on macOS to 6.3.3-h1 or later if currently running 6.3.x
  • Upgrade the GlobalProtect App on macOS to 6.2.8-h2 or later if currently running 6.2.x
  • On PAN‑OS or Panorama, configure the portal agent settings to disallow uninstall of the GlobalProtect App



Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Palo Alto Networks globalprotect Uwp App
Vendors & Products Palo Alto Networks globalprotect Uwp App

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Title GlobalProtect App: Information Exposure Vulnerability on macOS
First Time appeared Palo Alto Networks
Palo Alto Networks globalprotect App
Weaknesses CWE-532
CPEs cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks globalprotect App
References
Metrics cvssV4_0

{'score': 4.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-06-10T20:31:37.320Z

Reserved: 2025-11-03T20:44:27.401Z

Link: CVE-2026-0267

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T22:16:53.187

Modified: 2026-06-10T22:16:53.187

Link: CVE-2026-0267

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:45:43Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File