VYPR

Globalprotect

by Paloaltonetworks

CVEs (45)

  • CVE-2026-0257CriKEVMay 13, 2026
    risk 0.76cvss 9.1epss 0.87

    Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

  • CVE-2025-0141HigJul 9, 2025
    risk 0.55cvss epss 0.00

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS,…

  • CVE-2025-0126HigApr 11, 2025
    risk 0.54cvss epss 0.00

    When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link…

  • CVE-2025-0131HigMay 14, 2025
    risk 0.46cvss epss 0.00

    An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT…

  • CVE-2025-0117HigMar 12, 2025
    risk 0.46cvss epss 0.00

    A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android,…

  • CVE-2025-2179MedJul 29, 2025
    risk 0.44cvss epss 0.00

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The…

  • CVE-2025-0140MedJul 9, 2025
    risk 0.44cvss epss 0.00

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The…

  • CVE-2017-15870MedDec 11, 2017
    risk 0.44cvss 6.7epss 0.00

    Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."

  • CVE-2026-0251MedMay 13, 2026
    risk 0.38cvss epss 0.00

    Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands…

  • CVE-2026-0250MedMay 13, 2026
    risk 0.34cvss epss 0.00

    A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of…

  • CVE-2025-2183MedAug 13, 2025
    risk 0.34cvss epss 0.00

    An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install…

  • CVE-2026-0249MedMay 13, 2026
    risk 0.32cvss epss 0.00

    Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an…

  • CVE-2026-0267MedJun 10, 2026
    risk 0.29cvss epss 0.00

    An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions…

  • CVE-2025-0133LowMay 14, 2025
    risk 0.18cvss epss 0.44

    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a…

  • CVE-2021-3064Nov 10, 2021
    risk 0.05cvss epss 0.19

    A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have…

  • CVE-2025-4227Jun 13, 2025
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks…

  • CVE-2025-4232Jun 12, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

  • CVE-2025-0135May 14, 2025
    risk 0.00cvss epss 0.00

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app…

  • CVE-2025-0120Apr 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local…

  • CVE-2025-0118Mar 12, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to…

Page 1 of 3