CVE-2026-0249

UNKNOWN 0.0

GlobalProtect App: Certificate Validation Bypass Vulnerabilities

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.

CWE	CWE-295
Vendor	palo alto networks
Product	globalprotect app
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for palo alto networks globalprotect app

Be the first to know when new unknown vulnerabilities affecting palo alto networks globalprotect app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / GlobalProtect App

6.3.0 < 6.3.3-h9 (6.3.3-999) 6.2.0 < 6.2.8-h10 (6.2.8-948)

Palo Alto Networks / GlobalProtect App

6.1.0 < 6.1.13 6.0.0 < 6.0.14

Palo Alto Networks / GlobalProtect App

6.0.0 < 6.0.13

Palo Alto Networks / GlobalProtect App

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0249

Credits

Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue.