GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or...

5.2 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Description

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.

The GlobalProtect app on iOS is not affected.

Basic Information

ID CVE-2026-0250

Source palo_alto

Published May 13, 2026 at 18:26

Modified May 13, 2026 at 18:43

Affected Product

Vendor Palo Alto Networks

Product GlobalProtect App

Version 6.3.0

Affected Versions Palo Alto Networks GlobalProtect App 6.3.0
Palo Alto Networks GlobalProtect App 6.2.0
Palo Alto Networks GlobalProtect App 6.1
Palo Alto Networks GlobalProtect App 6.3.0
Palo Alto Networks GlobalProtect App 6.0.0
Palo Alto Networks GlobalProtect App 6.0
Palo Alto Networks GlobalProtect App 6.0
Palo Alto Networks GlobalProtect UWP App 6.3

CWE Classification

CWE-787

References

security.paloaltonetworks.com /CVE-2026-0250

{
    "lastseen": "",
    "description": "A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect\u2122 app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected.",
    "published": "2026-05-13T18:26:51.927Z",
    "modified": "2026-05-13T18:43:27.294Z",
    "type": "cve",
    "title": "GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway",
    "source": "palo_alto",
    "references": "https://security.paloaltonetworks.com/CVE-2026-0250",
    "id": "CVE-2026-0250",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "Palo Alto Networks GlobalProtect App 6.3.0\nPalo Alto Networks GlobalProtect App 6.2.0\nPalo Alto Networks GlobalProtect App 6.1\nPalo Alto Networks GlobalProtect App 6.3.0\nPalo Alto Networks GlobalProtect App 6.0.0\nPalo Alto Networks GlobalProtect App 6.0\nPalo Alto Networks GlobalProtect App 6.0\nPalo Alto Networks GlobalProtect UWP App 6.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.2,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GlobalProtect App",
    "version": "6.3.0",
    "vendor": "Palo Alto Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway_CVE-2026-0250