Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0250

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-13 May, 2026 | 18:26
Updated At-14 May, 2026 | 03:56
Rejected At-
Credits

GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtectâ„¢ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:13 May, 2026 | 18:26
Updated At:14 May, 2026 | 03:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtectâ„¢ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • Windows
  • MacOS
Default Status
unaffected
Versions
Affected
  • From 6.3.0 before 6.3.3-h9 (6.3.3-999) (custom)
    • -> unaffectedfrom6.3.3-h9 (6.3.3-999)
  • From 6.2.0 before 6.2.8-h10 (6.2.8-948) (custom)
    • -> unaffectedfrom6.2.8-h10 (6.2.8-948)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • Android
  • Chrome OS
Default Status
unaffected
Versions
Affected
  • From 6.1 before 6.1.13 (custom)
    • -> unaffectedfrom6.1.13
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From 6.3.0 before 6.3.3-h2 (6.3.3-42) (custom)
    • -> unaffectedfrom6.3.3-h2 (6.3.3-42)
  • From 6.0.0 before 6.0.11 (custom)
    • -> unaffectedfrom6.0.11
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • Windows
  • MacOS
Default Status
unaffected
Versions
Affected
  • From 6.0 before 6.0.13 (custom)
    • -> unaffectedfrom6.0.13
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • Android
  • Chrome OS
Default Status
unaffected
Versions
Affected
  • From 6.0 before 6.0.14 (custom)
    • -> unaffectedfrom6.0.14
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect UWP App
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 6.3 before 6.3.3-h10 (custom)
    • -> unaffectedfrom6.3.3-h10
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
GlobalProtect App
Platforms
  • iOS
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
4.05.2MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Version: 4.0
Base score: 5.2
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-540CAPEC-540 Overread Buffers
CAPEC ID: CAPEC-540
Description: CAPEC-540 Overread Buffers
Solutions

VERSION MINOR VERSION SUGGESTED SOLUTION GlobalProtect App 6.3 on Windows 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later. GlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later. GlobalProtect App 6.0 on Windows 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later. GlobalProtect App 6.0 on Linux 6.0.0 through 6.0.10 Upgrade to 6.0.11 or later. GlobalProtect App 6.2/6.3 on Linux 6.2.0 through 6.3.3-h1 Upgrade to 6.3.3-h2 (6.3.3-42) or later. GlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later. GlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later. GlobalProtect App 6.0 on macOS 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later. GlobalProtect App 6.1 on Android 6.1.0 through 6.1.12 Upgrade to 6.1.13 or later. GlobalProtect App 6.0 on Android 6.0.0 through 6.0.13 Upgrade to 6.0.14 or later. GlobalProtect App 6.1 on ChromeOS 6.1.0 through 6.1.12 Upgrade to 6.1.13 or later. GlobalProtect App 6.0 on ChromeOS 6.0.0 through 6.0.13 Upgrade to 6.0.14 or later. GlobalProtect UWP App 6.1.0 through 6.3.3-h9 Upgrade to 6.3.3-h10 or later. GlobalProtect App on iOS No action needed

Configurations

No special configuration is required to be affected by this issue.

Workarounds

No known workarounds exist for this issue.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
other
our internal security research teams
Timeline
EventDate
Initial Publication.2026-05-13 16:00:00
Event: Initial Publication.
Date: 2026-05-13 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2026-0250
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0250
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:13 May, 2026 | 19:16
Updated At:13 May, 2026 | 19:16

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtectâ„¢ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.2MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Type: Secondary
Version: 4.0
Base score: 5.2
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-787
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2026-0250psirt@paloaltonetworks.com
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0250
Source: psirt@paloaltonetworks.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2026-0263
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.57%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 17:47
Updated-14 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Prisma AccessCloud NGFWPAN-OS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9468
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.2||HIGH
EPSS-0.60% / 69.71%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 17:05
Updated-01 Dec, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osCloud NGFWPAN-OSPrisma Access
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-0300
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.3||CRITICAL
EPSS-14.43% / 94.50%
||
7 Day CHG+9.15%
Published-06 May, 2026 | 18:57
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-05-09||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designate
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-IDâ„¢ Authentication Portal

A buffer overflow vulnerability in the User-IDâ„¢ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-IDâ„¢ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Action-Not Available
Vendor-Siemens AGPalo Alto Networks, Inc.
Product-pa-505pa-1420pa-5440vm-700vm-500pa-455-5gpa-460pa-540pan-ospa-5420pa-7500pa-7500-dpc-apa-450rpa-455r-5gpa-5570pa-5410pa-410rpa-5560vm-50pa-1410pa-520pa-440pa-455pa-3430pa-555-poepa-501vm-300pa-415pa-3420pa-5550pa-545-poepa-3440pa-5580pa-510pa-5450pa-5540pa-560pa-415-5gpa-445pa-410r-5gvm-100pa-5445pa-3410pa-450pa-5430pa-550pa-410pa-450r-5gPrisma AccessCloud NGFWPAN-OSRUGGEDCOM APE1808PAN-OS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3057
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-1.08% / 78.08%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 16:10
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-globalprotectGlobalProtect App
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3064
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.8||CRITICAL
EPSS-53.11% / 97.99%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 17:10
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OSPrisma Access
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3056
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.75% / 73.36%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 17:10
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OSPrisma Access
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-2027
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-2.40% / 85.23%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:28
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Buffer overflow in authd authentication response

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-2001
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-1.52% / 81.47%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Panorama External control of file vulnerability leads to privilege escalation

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-123
Write-what-where Condition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1990
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-1.38% / 80.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Buffer overflow in the management server

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-2006
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-1.53% / 81.48%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Buffer overflow in management server payload parser

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found