
Description

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user, or an attacker on the same subnet, to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows and iOS, and the GlobalProtect UWP app, are not affected.

PUBLISHED Reserved 2025-11-03 | Published 2026-05-13 | Updated 2026-05-15 | Assigner palo_alto




MEDIUM: 4.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

6.3.0 (custom) before 6.3.3-h9 (6.3.3-999): affected

6.2.0 (custom) before 6.2.8-h10 (6.2.8-948): affected

Default status: unaffected

6.1.0 (custom) before 6.1.13: affected

6.0.0 (custom) before 6.0.14: affected

Default status: unaffected

6.0.0 (custom) before 6.0.13: affected

Default status: unaffected

All (custom): unaffected

Timeline

2026-05-13: Initial publication.

Credits

Palo Alto Networks thanks Kakao Corp. Service Security Team and our internal security research teams for discovering and reporting this issue.

References

security.paloaltonetworks.com/CVE-2026-0249 vendor-advisory

cve.org (CVE-2026-0249)

nvd.nist.gov (CVE-2026-0249)
