Home
MEDIUM: 5.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:AmberDefault status
unaffected
6.3.0 (custom) before 6.3.3-h9 (6.3.3-999)
affected
6.2.0 (custom) before 6.2.8-h10 (6.2.8-948)
affected
6.0.0 (custom) before 6.0.13
affected
Default status
unaffected
6.3.0 (custom) before 6.3.3-h9 (6.3.3-999)
affected
6.2.0 (custom) before 6.2.8-h10 (6.2.8-948)
affected
6.0.0 (custom) before 6.0.13
affected
Default status
unaffected
6.3.0 (custom) before 6.3.3-h2 (6.3.3-42)
affected
6.0.0 (custom) before 6.0.11
affected
Default status
unaffected
All (custom)
unaffected
Description
Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Problem types
Product status
6.3.0 (custom) before 6.3.3-h9 (6.3.3-999)
6.2.0 (custom) before 6.2.8-h10 (6.2.8-948)
6.0.0 (custom) before 6.0.13
6.3.0 (custom) before 6.3.3-h9 (6.3.3-999)
6.2.0 (custom) before 6.2.8-h10 (6.2.8-948)
6.0.0 (custom) before 6.0.13
6.3.0 (custom) before 6.3.3-h2 (6.3.3-42)
6.0.0 (custom) before 6.0.11
All (custom)
Timeline
| 2026-05-13: | Initial publication. |
Credits
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
References
security.paloaltonetworks.com/CVE-2026-0251