CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities

Palo Alto Networks Security Advisories / CVE-2026-0251

CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities

Urgency MODERATE

Severity 5.9 · MEDIUM

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density DIFFUSE

Attack Vector LOCAL

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction NONE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required LOW

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

CVE JSON CSAF

Published 2026-05-13

Updated 2026-05-13

Discovered internally

Description

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.

The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Product Status

Versions	Affected	Unaffected
Global Protect App	None on Android None on ChromeOS None on iOS None on UWP	All on Android All on ChromeOS All on iOS All on UWP
GlobalProtect App 6.3	< 6.3.3-h9 (6.3.3-999) on Windows < 6.3.3-h9 (6.3.3-999) on macOS < 6.3.3-h2 (6.3.3-42) on Linux	>= 6.3.3-h9 (6.3.3-999) on Windows >= 6.3.3-h9 (6.3.3-999) on macOS >= 6.3.3-h2 (6.3.3-42) on Linux
GlobalProtect App 6.2	< 6.2.8-h10 (6.2.8-948) on Windows < 6.2.8-h10 (6.2.8-948) on macOS	>= 6.2.8-h10 (6.2.8-948) on Windows >= 6.2.8-h10 (6.2.8-948) on macOS
GlobalProtect App 6.0	< 6.0.13 on Windows < 6.0.13 on macOS < 6.0.11 on Linux	>= 6.0.13 on Windows >= 6.0.13 on macOS >= 6.0.11 on Linux (ETA: 06/04)

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 5.9 / CVSS-B: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Weakness Type and Impact

CWE-426 Untrusted Search Path

CAPEC-233 Privilege Escalation

Solution

Version	Minor Version	Suggested Solution
GlobalProtect App 6.0 on Windows	6.0.0 through 6.0.12	Upgrade to 6.0.13 or later.
GlobalProtect App 6.2 on Windows	6.2.0 through 6.2.8-h9	Upgrade to 6.2.8-h10 (6.2.8-948) or later.
GlobalProtect App 6.3 on Windows	6.3.0 through 6.3.3-h8	Upgrade to 6.3.3-h9 (6.3.3-999) or later.
GlobalProtect App 6.0 on macOS	6.0.0 through 6.0.12	Upgrade to 6.0.13 or later.
GlobalProtect App 6.2 on macOS	6.2.0 through 6.2.8-h9	Upgrade to 6.2.8-h10 (6.2.8-948) or later.
GlobalProtect App 6.3 on macOS	6.3.0 through 6.3.3-h8	Upgrade to 6.3.3-h9 (6.3.3-999) or later.
GlobalProtect App 6.0 on Linux	6.0.0 through 6.0.10	Upgrade to 6.0.11 or later
GlobalProtect App 6.2 on Linux	6.2.0 through 6.2.9	Upgrade to 6.3.3-h2 (6.3.3-42) or later.
GlobalProtect App 6.3 on Linux	6.3.0 through 6.3.3-h1	Upgrade to 6.3.3-h2 (6.3.3-42) or later.
GlobalProtect App on Android		No action needed.
GlobalProtect App on Chrome OS		No action needed.
GlobalProtect App on iOS		No action needed.
GlobalProtect App on UWP		No action needed.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CPEs

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:macOS:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*

Show MoreShow Less

CPE Applicability

- cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:* is vulnerable from (including)6.3.3 and up to (excluding)6.3.3-h9_(6.3.3-999)
- ORcpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:* is vulnerable from (including)6.2.8 and up to (excluding)6.2.8-h10_(6.2.8-948)
- ORcpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:* is vulnerable from (including)6.0.0 and up to (excluding)6.0.13
or
- cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including)6.3.3 and up to (excluding)6.3.3-h9_(6.3.3-999)
- ORcpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including)6.2.8 and up to (excluding)6.2.8-h10_(6.2.8-948)
- ORcpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:* is vulnerable from (including)6.0.0 and up to (excluding)6.0.13
or
- cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:* is vulnerable from (including)6.3.3 and up to (excluding)6.3.3-h2_(6.3.3-42)
- ORcpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:* is vulnerable from (including)6.0.0 and up to (excluding)6.0.11

Timeline

2026-05-13 Initial publication.