Multiple Vulnerabilities in Palo Alto Networks GlobalProtect App Exposed
Severity: High (Score: 60.6)
Sources: cwe.mitre.org, capec.mitre.org, Security.Paloaltonetworks, security.paloaltonetworks.com
Summary
Palo Alto Networks disclosed two critical vulnerabilities in their GlobalProtect app. CVE-2026-0251, published on 2026-05-13, allows local privilege escalation on Windows, macOS, and Linux, enabling non-administrative users to execute commands with elevated privileges. CVE-2026-0249, reported on 2026-05-14, involves improper certificate validation that could allow attackers to intercept encrypted communications. The vulnerabilities affect various versions of the GlobalProtect app, with specific upgrade recommendations provided. No malicious exploitation has been reported for either vulnerability. Users of the GlobalProtect app on iOS, Android, and Chrome OS are not affected by these issues. Immediate action is advised for affected systems to mitigate potential risks.
Key Points:
- CVE-2026-0251 allows local privilege escalation on Windows, macOS, and Linux.
- CVE-2026-0249 enables interception of encrypted communications on macOS under specific conditions.
- Users are urged to upgrade to the latest versions of the GlobalProtect app to mitigate risks.
Key Entities
- Man-in-the-Middle (attack_type)
- CVE-2026-0251 (cve)
- CWE-295 - Improper Certificate Validation (cwe)
- CWE-426 - Untrusted Search Path (cwe)
- Android (platform)
- Chrome OS (platform)
- GlobalProtect (platform)
- iOS (platform)
- Linux (platform)