{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-0267", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:27.401Z", "datePublished": "2026-06-10T20:31:37.320Z", "dateUpdated": "2026-06-11T14:41:21.436Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T20:31:37.320Z" }, "title": "GlobalProtect App: Information Exposure Vulnerability on macOS", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-155", "descriptions": [ { "lang": "en", "value": "CAPEC-155 Screen Temporary Files for Sensitive Information" } ] } ], "affected": [ { "vendor": "Palo Alto Networks", "product": "GlobalProtect App", "platforms": [ "macOS" ], "versions": [ { "status": "affected", "version": "6.3.0", "lessThan": "6.3.3-h1", "changes": [ { "at": "6.3.3-h1", "status": "unaffected" } ], "versionType": "custom" }, { "status": "affected", "version": "6.2.0", "lessThan": "6.2.8-h2", "changes": [ { "at": "6.2.8-h2", "status": "unaffected" } ], "versionType": "custom" } ], "defaultStatus": "unaffected", "cpes": [ "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*" ] }, { "vendor": "Palo Alto Networks", "product": "GlobalProtect App", "platforms": [ "Windows", "Linux", "iOS", "Android", "Chrome OS" ], "versions": [ { "status": "unaffected", "version": "All", "versionType": "custom" } ], "defaultStatus": "unaffected" }, { "vendor": "Palo Alto Networks", "product": "GlobalProtect UWP App", "versions": [ { "status": "unaffected", "version": "All", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*", "versionEndExcluding": "6.3.3-h1", "versionStartIncluding": "6.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*", "versionEndExcluding": "6.2.8-h2", "versionStartIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "OR" } ], "descriptions": [ { "lang": "en", "value": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so." } ] } ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2026-0267", "tags": [ "vendor-advisory" ] }, { "url": "https://security.paloaltonetworks.com/CVE-2024-8687", "tags": [ "related" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber" } } ], "configurations": [ { "lang": "eng", "value": "This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:\n\n * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Allow with Password", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:
" } ] } ], "workarounds": [ { "lang": "eng", "value": "On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":\n * Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App > Allow User to Uninstall GlobalProtect App > Disallow", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":" } ] } ], "solutions": [ { "lang": "eng", "value": "VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3 Upgrade to 6.3.3-h1 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h1 Upgrade to 6.2.8-h2 or later.\nGlobalProtect App on Windows Not Applicable\nGlobalProtect App on Linux Not Applicable\nGlobalProtect App on iOS Not Applicable\nGlobalProtect App on Android Not Applicable\nGlobalProtect App on Chrome OS Not Applicable", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
VersionMinor Version RangeSuggested Solution
GlobalProtect App 6.3 on macOS6.3.0 through 6.3.3Upgrade to 6.3.3-h1 or later.
GlobalProtect App 6.2 on macOS6.2.0 through 6.2.8-h1Upgrade to 6.2.8-h2 or later.
GlobalProtect App on WindowsNot Applicable
GlobalProtect App on LinuxNot Applicable
GlobalProtect App on iOSNot Applicable
GlobalProtect App on AndroidNot Applicable
GlobalProtect App on Chrome OSNot Applicable
" } ] } ], "exploits": [ { "lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ] } ], "timeline": [ { "time": "2026-06-10T16:00:00.000Z", "lang": "en", "value": "Initial publication" } ], "credits": [ { "lang": "en", "value": "Palo Alto Networks thanks one of our customers for discovering and reporting this issue.", "type": "finder" } ], "source": { "discovery": "USER" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_affectedList": [ "GlobalProtect App 6.3.3", "GlobalProtect App 6.3.2", "GlobalProtect App 6.3.1", "GlobalProtect App 6.3.0", "GlobalProtect App 6.3", "GlobalProtect App 6.2.8", "GlobalProtect App 6.2.7", "GlobalProtect App 6.2.6", "GlobalProtect App 6.2.4", "GlobalProtect App 6.2.3", "GlobalProtect App 6.2.2", "GlobalProtect App 6.2.1", "GlobalProtect App 6.2.0", "GlobalProtect App 6.2" ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-06-11T14:41:13.659641Z", "id": "CVE-2026-0267", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T14:41:21.436Z" } } ] } }