VYPR
Medium severity · NVD Advisory · Published Jun 10, 2026

CVE-2026-0267


Description

A local information exposure vulnerability in Palo Alto Networks GlobalProtect app on macOS allows users to discover passcodes for disabling, disconnecting, or uninstalling the app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on macOS. This issue affects deployments where features allowing users to disable, disconnect, or uninstall the GlobalProtect app with a passcode are enabled. Affected versions include GlobalProtect App 6.3 prior to 6.3.3-h1 and GlobalProtect App 6.2 prior to 6.2.8-h2 on macOS [2].

Exploitation

A local user with access to the affected macOS system can exploit this vulnerability. The attacker needs to be able to read specific files or logs generated by the GlobalProtect app to discover the configured passcodes. No network access, privileges beyond those of a local user, or user interaction are required [2].

Impact

Successful exploitation allows a local user to obtain the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. With these passcodes, the user can bypass intended restrictions and perform these actions, potentially leading to a loss of confidentiality for the organization's network access policies [2].

Mitigation

Palo Alto Networks has released fixed versions of the GlobalProtect app. For macOS, GlobalProtect App 6.3 should be upgraded to version 6.3.3-h1 or later, and GlobalProtect App 6.2 should be upgraded to version 6.2.8-h2 or later. Palo Alto Networks is not aware of any malicious exploitation of this issue [2].
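
The fixed-version thresholds above can be applied to an endpoint inventory with a short triage script. This is an added example, not code from Palo Alto Networks or from this advisory; it assumes the inventory reports versions in the advisory's notation (MAJOR.MINOR.PATCH with an optional -hN hotfix suffix), and the function names, status labels and sample hosts are hypothetical.

```python
import re

# Fixed releases per branch, taken from the advisory text above (macOS only).
FIXED = {(6, 3): (6, 3, 3, 1), (6, 2): (6, 2, 8, 2)}

# Assumed notation: MAJOR.MINOR.PATCH with an optional -hN hotfix suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, patch, hotfix); a missing hotfix counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(version, passcode_features_enabled=True):
    """Classify one macOS endpoint against the advisory's fixed versions."""
    try:
        v = parse(version)
    except ValueError:
        return "unknown-format"        # needs manual review
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "branch-not-listed"     # the page gives no data for this branch
    if v >= fixed:
        return "fixed"
    # Below the fixed release: exposure depends on the passcode features.
    return "affected" if passcode_features_enabled else "not-exposed-unpatched"


def triage_fleet(inventory):
    """inventory: iterable of (host, version, passcode_features_enabled)."""
    report = {}
    for host, version, enabled in inventory:
        report.setdefault(triage(version, enabled), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mac-001", "6.3.3", True), ("mac-002", "6.3.3-h1", True),
    ("mac-003", "6.2.8-h1", False), ("mac-004", "6.2.9", True),
    ("mac-005", "6.1.4", True), ("mac-006", "6.3.3-223", True),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_fleet(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as branch-not-listed or unknown-format are not covered by the version ranges on this page and need to be checked against the vendor advisory directly.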

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. Mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 2

News mentions: 1