ByteOS Network

Vulnerability Details :

CVE-2026-0251

Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0

Published At-13 May, 2026 | 18:20

Updated At-14 May, 2026 | 03:56

GlobalProtect App: Local Privilege Escalation Vulnerabilities

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:palo_alto

Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0

Published At:13 May, 2026 | 18:20

Updated At:14 May, 2026 | 03:56

▼CVE Numbering Authority (CNA)

GlobalProtect App: Local Privilege Escalation Vulnerabilities

Affected Products

Vendor

Palo Alto Networks, Inc.

Product

GlobalProtect App

CPEs

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*

Platforms

Windows

Default Status

unaffected

Versions

Affected

From 6.3.0 before 6.3.3-h9 (6.3.3-999) (custom)
- -> unaffectedfrom6.3.3-h9 (6.3.3-999)
From 6.2.0 before 6.2.8-h10 (6.2.8-948) (custom)
- -> unaffectedfrom6.2.8-h10 (6.2.8-948)
From 6.0.0 before 6.0.13 (custom)
- -> unaffectedfrom6.0.13

Vendor

Palo Alto Networks, Inc.

Product

GlobalProtect App

CPEs

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:macOS:*:*

Platforms

macOS

Default Status

unaffected

Versions

Affected

From 6.3.0 before 6.3.3-h9 (6.3.3-999) (custom)
- -> unaffectedfrom6.3.3-h9 (6.3.3-999)
From 6.2.0 before 6.2.8-h10 (6.2.8-948) (custom)
- -> unaffectedfrom6.2.8-h10 (6.2.8-948)
From 6.0.0 before 6.0.13 (custom)
- -> unaffectedfrom6.0.13

Vendor

Palo Alto Networks, Inc.

Product

GlobalProtect App

CPEs

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*

Platforms

Linux

Default Status

unaffected

Versions

Affected

From 6.3.0 before 6.3.3-h2 (6.3.3-42) (custom)
- -> unaffectedfrom6.3.3-h2 (6.3.3-42)
From 6.0.0 before 6.0.11 (custom)
- -> unaffectedfrom6.0.11

Vendor

Palo Alto Networks, Inc.

Product

Global Protect App

Platforms

Android
ChromeOS
iOS
UWP

Default Status

unaffected

Versions

Unaffected

All (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-426	CWE-426 Untrusted Search Path

Type: CWE

CWE ID: CWE-426

Description: CWE-426 Untrusted Search Path

Metrics

Version	Base score	Base severity	Vector
4.0	5.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Impacts

CAPEC ID	Description
CAPEC-233	CAPEC-233 Privilege Escalation

CAPEC ID: CAPEC-233

Description: CAPEC-233 Privilege Escalation

Solutions

VERSION MINOR VERSION SUGGESTED SOLUTION GlobalProtect App 6.0 on Windows 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later. GlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later. GlobalProtect App 6.3 on Windows 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later. GlobalProtect App 6.0 on macOS 6.0.0 through 6.0.12 Upgrade to 6.0.13 or later. GlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h9 Upgrade to 6.2.8-h10 (6.2.8-948) or later. GlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3-h8 Upgrade to 6.3.3-h9 (6.3.3-999) or later. GlobalProtect App 6.0 on Linux 6.0.0 through 6.0.10 Upgrade to 6.0.11 or later GlobalProtect App 6.2 on Linux 6.2.0 through 6.2.9 Upgrade to 6.3.3-h2 (6.3.3-42) or later. GlobalProtect App 6.3 on Linux 6.3.0 through 6.3.3-h1 Upgrade to 6.3.3-h2 (6.3.3-42) or later. GlobalProtect App on Android No action needed. GlobalProtect App on Chrome OS No action needed. GlobalProtect App on iOS No action needed. GlobalProtect App on UWP No action needed.

Configurations

No special configuration is required to be affected by this issue.

Workarounds

No known workarounds exist for this issue.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Credits

other

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

Timeline

Event	Date
Initial publication.	2026-05-13 16:00:00

Event: Initial publication.

Date: 2026-05-13 16:00:00

References

Hyperlink	Resource
https://security.paloaltonetworks.com/CVE-2026-0251	vendor-advisory

Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0251

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@paloaltonetworks.com

Published At:13 May, 2026 | 19:16

Updated At:13 May, 2026 | 19:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Type: Secondary

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Weaknesses

CWE ID	Type	Source
CWE-426	Secondary	psirt@paloaltonetworks.com

CWE ID: CWE-426

Type: Secondary

Source: psirt@paloaltonetworks.com

References

Hyperlink	Source	Resource
https://security.paloaltonetworks.com/CVE-2026-0251	psirt@paloaltonetworks.com	N/A

Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0251

Source: psirt@paloaltonetworks.com

Resource: N/A

Similar CVEs

3Records found

CVE-2026-0246

Matching Score-8

Assigner-Palo Alto Networks, Inc.

View Details

Matching Score-8

Assigner-Palo Alto Networks, Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.01% / 0.24%

7 Day CHG~0.00%

Published-13 May, 2026 | 18:51

Updated-13 May, 2026 | 19:30

Prisma Access Agent: Local Privilege Escalation Vulnerability

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected.

Vendor-Palo Alto Networks, Inc.

Product-Prisma Access Agent

CWE ID-CWE-862

Missing Authorization

CVE-2022-0014

Matching Score-6

Assigner-Palo Alto Networks, Inc.

View Details

Matching Score-6

Assigner-Palo Alto Networks, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 14.25%

7 Day CHG~0.00%

Published-12 Jan, 2022 | 17:30

Updated-16 Sep, 2024 | 23:00

Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Vendor-Palo Alto Networks, Inc.Microsoft Corporation

Product-cortex_xdr_agent windows Cortex XDR Agent

CWE ID-CWE-426

Untrusted Search Path

CVE-2025-0141

Matching Score-6

Assigner-Palo Alto Networks, Inc.

View Details

Matching Score-6

Assigner-Palo Alto Networks, Inc.

CVSS Score-8.4||HIGH

EPSS-0.21% / 43.20%

7 Day CHG~0.00%

Published-09 Jul, 2025 | 22:58

Updated-26 Feb, 2026 | 17:50

GlobalProtect App: Privilege Escalation (PE) Vulnerability

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Vendor-Palo Alto Networks, Inc.

Product-GlobalProtect App GlobalProtect UWP App

CWE ID-CWE-426

Untrusted Search Path

CVE-2026-0251

Credits

GlobalProtect App: Local Privilege Escalation Vulnerabilities

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs