{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0267", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:27.401Z", "datePublished": "2026-06-10T20:31:37.320Z", "dateUpdated": "2026-06-10T20:31:37.320Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T20:31:37.320Z"}, "title": "GlobalProtect App: Information Exposure Vulnerability on macOS", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-155", "descriptions": [{"lang": "en", "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "GlobalProtect App", "platforms": ["macOS"], "versions": [{"status": "affected", "version": "6.3.0", "lessThan": "6.3.3-h1", "changes": [{"at": "6.3.3-h1", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "6.2.0", "lessThan": "6.2.8-h2", "changes": [{"at": "6.2.8-h2", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*", "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*"]}, {"vendor": "Palo Alto Networks", "product": "GlobalProtect App", "platforms": ["Windows", "Linux", "iOS", "Android", "Chrome OS"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "GlobalProtect UWP App", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*", "versionEndExcluding": "6.3.3-h1", "versionStartIncluding": "6.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*", "versionEndExcluding": "6.2.8-h2", "versionStartIncluding": "6.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so."}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0267", "tags": ["vendor-advisory"]}, {"url": "https://security.paloaltonetworks.com/CVE-2024-8687", "tags": ["related"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:\n\n * Network\u00a0> GlobalProtect\u00a0> Portals\u00a0> (portal-config)\u00a0> Agent\u00a0> (agent-config)\u00a0> App\u00a0> Allow User to Uninstall GlobalProtect App\u00a0> Allow with Password", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue applies to GlobalProtect app deployments where the following feature is enabled on the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama:<br><ul><li><b>Network</b>&nbsp;&gt; <b>GlobalProtect</b>&nbsp;&gt; <b>Portals</b>&nbsp;&gt; <b>(portal-config)</b>&nbsp;&gt; <b>Agent</b>&nbsp;&gt; <b>(agent-config)</b>&nbsp;&gt; <b>App</b>&nbsp;&gt; <b>Allow User to Uninstall GlobalProtect App</b>&nbsp;&gt; <b>Allow with Password</b></li></ul>"}]}], "workarounds": [{"lang": "eng", "value": "On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":\n * Network\u00a0> GlobalProtect\u00a0> Portals\u00a0> (portal-config)\u00a0> Agent\u00a0> (agent-config)\u00a0> App\u00a0> Allow User to Uninstall GlobalProtect App\u00a0> Disallow", "supportingMedia": [{"type": "text/html", "base64": false, "value": "On the GlobalProtect Portal configuration on PAN-OS firewalls or Panorama, change the following setting (if enabled) to \"Disallow\":<ul><li><b>Network</b>&nbsp;&gt; <b>GlobalProtect</b>&nbsp;&gt; <b>Portals</b>&nbsp;&gt; <b>(portal-config)</b>&nbsp;&gt; <b>Agent</b>&nbsp;&gt; <b>(agent-config)</b>&nbsp;&gt; <b>App</b>&nbsp;&gt; <b>Allow User to Uninstall GlobalProtect App&nbsp;&gt; Disallow</b></li></ul>"}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nGlobalProtect App 6.3 on macOS 6.3.0 through 6.3.3 Upgrade to 6.3.3-h1 or later.\nGlobalProtect App 6.2 on macOS 6.2.0 through 6.2.8-h1 Upgrade to 6.2.8-h2 or later.\nGlobalProtect App on Windows Not Applicable\nGlobalProtect App on Linux Not Applicable\nGlobalProtect App on iOS Not Applicable\nGlobalProtect App on Android Not Applicable\nGlobalProtect App on Chrome OS Not Applicable", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version Range</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on macOS</td><td>6.3.0 through 6.3.3</td><td>Upgrade to 6.3.3-h1 or later.</td></tr><tr><td>GlobalProtect App 6.2 on macOS</td><td>6.2.0 through 6.2.8-h1</td><td>Upgrade to 6.2.8-h2 or later.</td></tr><tr><td>GlobalProtect App on Windows</td><td></td><td>Not Applicable</td></tr><tr><td>GlobalProtect App on Linux</td><td></td><td>Not Applicable</td></tr><tr><td>GlobalProtect App on iOS</td><td></td><td>Not Applicable</td></tr><tr><td>GlobalProtect App on Android</td><td></td><td>Not Applicable</td></tr><tr><td>GlobalProtect App on Chrome OS</td><td></td><td>Not Applicable</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-06-10T16:00:00.000Z", "lang": "en", "value": "Initial publication"}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks one of our customers for discovering and reporting this issue.", "type": "finder"}], "source": {"discovery": "USER"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["GlobalProtect App 6.3.3", "GlobalProtect App 6.3.2", "GlobalProtect App 6.3.1", "GlobalProtect App 6.3.0", "GlobalProtect App 6.3", "GlobalProtect App 6.2.8", "GlobalProtect App 6.2.7", "GlobalProtect App 6.2.6", "GlobalProtect App 6.2.4", "GlobalProtect App 6.2.3", "GlobalProtect App 6.2.2", "GlobalProtect App 6.2.1", "GlobalProtect App 6.2.0", "GlobalProtect App 6.2"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so."}], "id": "CVE-2026-0267", "lastModified": "2026-06-10T22:16:53.187", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-06-10T22:16:53.187", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2024-8687"}, {"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0267"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"created": "2026-06-10T23:30:44.138516+00:00", "updated": "2026-06-10T23:30:44.138528+00:00", "vendors": []}