CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities
Description
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative operating system user, or an attacker on the same subnet, can redirect the app's traffic to an unauthorized server and use that position to facilitate the installation of malicious software.
The GlobalProtect app on Windows, Linux and iOS, and the GlobalProtect UWP app, are not affected.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App | None on Windows; None on Linux; None on iOS; None on Windows UWP | All on Windows; All on Linux; All on iOS; All on Windows UWP |
| GlobalProtect App 6.3 | < 6.3.3-h9 (6.3.3-999) on macOS | >= 6.3.3-h9 (6.3.3-999) on macOS |
| GlobalProtect App 6.2 | < 6.2.8-h10 (6.2.8-948) on macOS | >= 6.2.8-h10 (6.2.8-948) on macOS |
| GlobalProtect App 6.1 | < 6.1.13 on Android; < 6.1.13 on ChromeOS | >= 6.1.13 on Android; >= 6.1.13 on ChromeOS |
| GlobalProtect App 6.0 | < 6.0.14 on Android; < 6.0.14 on ChromeOS; < 6.0.13 on macOS | >= 6.0.14 on Android (ETA: 05/20); >= 6.0.14 on ChromeOS (ETA: 05/20); >= 6.0.13 on macOS |
Required Configuration for Exposure
The issue is applicable to the GlobalProtect app on macOS only if SAML authentication with an embedded browser is enabled. No special configuration is required for the GlobalProtect app on Android or ChromeOS to be affected by this issue.
Severity: MEDIUM, Suggested Urgency: MODERATE
CVSS-BT: 4.9 / CVSS-B: 7.6 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues.
Weakness Type and Impact
CWE-295 Improper Certificate Validation
CAPEC-94 Adversary in the Middle (AiTM)
Solution
| Version | Minor Version | Suggested Solution |
|---|---|---|
| GlobalProtect App 6.1 on Android | 6.1.0 through 6.1.12 | Upgrade to 6.1.13 or later. |
| GlobalProtect App 6.0 on Android | 6.0.0 through 6.0.13 | Upgrade to 6.0.14 or later. |
| GlobalProtect App 6.1 on ChromeOS | 6.1.0 through 6.1.12 | Upgrade to 6.1.13 or later. |
| GlobalProtect App 6.0 on ChromeOS | 6.0.0 through 6.0.13 | Upgrade to 6.0.14 or later. |
| GlobalProtect App 6.3 on macOS | 6.3.0 through 6.3.3-h8 | Upgrade to 6.3.3-h9 (6.3.3-999) or later. |
| GlobalProtect App 6.2 on macOS | 6.2.0 through 6.2.8-h9 | Upgrade to 6.2.8-h10 (6.2.8-948) or later. |
| GlobalProtect App 6.0 on macOS | 6.0.0 through 6.0.12 | Upgrade to 6.0.13 or later. |
| GlobalProtect App on Windows | All versions | No action needed. |
| GlobalProtect App on Linux | All versions | No action needed. |
| GlobalProtect App on iOS | All versions | No action needed. |
| GlobalProtect App on UWP | All versions | No action needed. |
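The following script is an added example, not Palo Alto Networks code, that turns the Solution table above into an "am I affected?" check for an endpoint inventory. The version ranges are transcribed from the table; the version-string parser and the ordering of hotfix builds (6.3.3 sorts before 6.3.3-h1, which sorts before 6.3.3-h9) are assumptions about how GlobalProtect version strings compare, and the macOS exposure condition (SAML authentication with an embedded browser) is applied as a flag because the advisory says unaffected macOS deployments are those without it.

```python
"""Affected-version check for CVE-2026-0249 (GlobalProtect app).

Added example, not vendor code.  Ranges come from the advisory's Solution
table; the parser and hotfix ordering are assumptions (see lead-in).
"""
import re
from typing import List, Optional, Tuple

# platform -> list of (first affected, first fixed); a version v is affected
# when first_affected <= v < first_fixed.  Transcribed from the Solution table.
AFFECTED_RANGES = {
    "macos": [("6.3.0", "6.3.3-h9"), ("6.2.0", "6.2.8-h10"), ("6.0.0", "6.0.13")],
    "android": [("6.1.0", "6.1.13"), ("6.0.0", "6.0.14")],
    "chromeos": [("6.1.0", "6.1.13"), ("6.0.0", "6.0.14")],
    "windows": [],
    "linux": [],
    "ios": [],
    "uwp": [],
}

# Assumed version syntax: MAJOR.MINOR.PATCH with an optional "-hN" hotfix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """'6.3.3-h9' -> (6, 3, 3, 9); '6.3.3' -> (6, 3, 3, 0).

    A trailing build number in parentheses, as in '6.3.3-h9 (6.3.3-999)',
    is ignored: only the first whitespace-separated token is parsed.
    """
    token = text.strip().split()[0] if text.strip() else ""
    match = _VERSION_RE.match(token)
    if not match:
        raise ValueError(f"unrecognised GlobalProtect version: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(platform: str, version: str,
                saml_embedded_browser: Optional[bool] = None) -> bool:
    """True if this platform/version pair falls inside an affected range.

    For macOS the advisory limits exposure to deployments using SAML with the
    embedded browser; pass saml_embedded_browser=False to record that the
    condition is known to be absent.  When it is unknown (None) the check is
    conservative and reports the version as affected.
    """
    key = platform.strip().lower().replace(" ", "")
    if key not in AFFECTED_RANGES:
        raise ValueError(f"unknown platform: {platform!r}")
    v = parse_version(version)
    in_range = any(parse_version(lo) <= v < parse_version(hi)
                   for lo, hi in AFFECTED_RANGES[key])
    if key == "macos" and saml_embedded_browser is False:
        return False
    return in_range


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, bool]]:
    """inventory rows are (hostname, platform, version); returns (hostname, affected)."""
    return [(host, is_affected(plat, ver)) for host, plat, ver in inventory]


if __name__ == "__main__":
    # Constructed sample inventory (not real hosts).
    sample = [
        ("mac-01", "macOS", "6.3.3-h8"),
        ("mac-02", "macOS", "6.3.3-h9 (6.3.3-999)"),
        ("droid-01", "Android", "6.0.13"),
        ("cros-01", "ChromeOS", "6.1.13"),
        ("win-01", "Windows", "6.2.0"),
    ]
    for host, affected in triage(sample):
        print(f"{host}: {'AFFECTED' if affected else 'ok'}")
```

The hotfix ordering matters: a naive string or float comparison would rank 6.3.3-h10 below 6.3.3-h9, which is exactly the kind of off-by-one that leaves a patched-looking host inside the affected range.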
Workarounds and Mitigations
No known workarounds exist for these issues.
Acknowledgments
CPE Applicability
- cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including) 6.3.3 and up to (excluding) 6.3.3-h9 (6.3.3-999)
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including) 6.2.8 and up to (excluding) 6.2.8-h10 (6.2.8-948)
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:* is vulnerable from (including) 6.1.0 and up to (excluding) 6.1.13
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:* is vulnerable from (including) 6.1.0 and up to (excluding) 6.1.13
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Android:*:* is vulnerable from (including) 6.0.0 and up to (excluding) 6.0.14
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:ChromeOS:*:* is vulnerable from (including) 6.0.0 and up to (excluding) 6.0.14
- OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including) 6.0.0 and up to (excluding) 6.0.13