5.5

CVE-2026-0267

GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PaloaltonetworksGlobalprotect SwPlatformmacos Version >= 6.2.0 < 6.2.8
PaloaltonetworksGlobalprotect SwPlatformmacos Version >= 6.3.0 < 6.3.3
PaloaltonetworksGlobalprotect Version6.2.8 Update- SwPlatformmacos
PaloaltonetworksGlobalprotect Version6.2.8 Updateh1 SwPlatformmacos
PaloaltonetworksGlobalprotect Version6.3.3 Update- SwPlatformmacos
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.012
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@paloaltonetworks.com 4.4 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://security.paloaltonetworks.com/CVE-2024-8687
Not Applicable
https://security.paloaltonetworks.com/CVE-2026-0267
Vendor Advisory
Mitigation