Palo Alto Networks
Products by Palo Alto Networks Sorted by Most Security Vulnerabilities since 2018
Palo Alto Networks PAN-OS: 171 vulnerabilities
PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
By the Year
In 2026 there have been 35 vulnerabilities in Palo Alto Networks products. Last year, in 2025, Palo Alto Networks had 31 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2026 than in all of last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 35 | 0.00 |
| 2025 | 31 | 6.12 |
| 2024 | 50 | 6.50 |
| 2023 | 15 | 5.39 |
| 2022 | 9 | 6.47 |
| 2021 | 30 | 6.56 |
| 2020 | 61 | 6.83 |
| 2019 | 24 | 6.79 |
| 2018 | 11 | 5.66 |
It may take a day or so for new Palo Alto Networks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Palo Alto Networks Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-0243 | May 13, 2026 | **DoS via crafted IPv6 packet on Palo Alto Prisma SD-WAN ION** A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet. | |
| CVE-2026-0248 | May 13, 2026 | **Improper Cert Validation in Prisma Access Agent for Android Enables MitM** An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information. The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected. | |
| CVE-2026-0242 | May 13, 2026 | **SQLi in Trust Protection Foundation (TPF) enabling admin takeover** A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform. | |
| CVE-2026-0244 | May 13, 2026 | **Improper Cert Validation in Palo Alto Networks Prisma SD-WAN ION Allows MitM** An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller. | |
| CVE-2026-0241 | May 13, 2026 | **Incorrect Auth Bypass in Palo Alto Trust Protection Foundation** Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources. | |
| CVE-2026-0245 | May 13, 2026 | **Prisma Access Agent Local User Info Disclosure** Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected. | |
| CVE-2026-0240 | May 13, 2026 | **TPF CVE-2026-0240: Authenticated InfoDisclosure & PrivEsc via Vault** An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings. | |
| CVE-2026-0246 | May 13, 2026 | **Prisma Access Agent Priv Escal to Root / SYSTEM (CVE-2026-0246)** A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected. | |
| CVE-2026-0247 | May 13, 2026 | **Auth Bypass in Prisma Access Agent Endpoint DLP Component** Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations. | |
| CVE-2026-0249 | May 13, 2026 | **GlobalProtect CVE-2026-0249 Improper Cert Validation Traffic Intercept** Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected. | |
| CVE-2026-0239 | May 13, 2026 | **Chronocollector Unauth Info Disclosure (CVE-2026-0239)** An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information. | |
| CVE-2026-0250 | May 13, 2026 | **Buffer Overflow in Palo Alto GlobalProtect Enables Code Exec (CVE-2026-0250)** A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected. | |
| CVE-2026-0238 | May 13, 2026 | **Authenticated Admin Injection in Palo Alto Broker VM** A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields. | |
| CVE-2026-0251 | May 13, 2026 | **Palo Alto GlobalProtect Local Priv Escal to SYSTEM/ROOT** Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | |
| CVE-2026-0256 | May 13, 2026 | **PAN-OS Stored XSS via Web Interface on PA-Series/VM-Series & Panorama** A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability. | |
| CVE-2026-0257 | May 13, 2026 | **Auth Bypass in PAN-OS GlobalProtect Portal/Gateway** Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues. | |
| CVE-2026-0235 | May 13, 2026 | **Race Condition in Prisma Browser Allows Local User to Bypass Policies** A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies. | |
| CVE-2026-0258 | May 13, 2026 | **PAN-OS SSRF via IKEv2 Unauthenticated Attack** A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities. | |
| CVE-2026-0259 | May 13, 2026 | **Arbitrary File Read/Deletion in Palo Alto Networks WildFire WF-500** An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability. | |
| CVE-2026-0261 | May 13, 2026 | **Palo Alto PAN-OS Root CLI Command Injection CVE-2026-0261** Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by these vulnerabilities. | |
| CVE-2026-0236 | May 13, 2026 | **Code Injection via AppleScript in Palo Alto Prisma Browser (macOS)** A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser. | |
| CVE-2026-0262 | May 13, 2026 | **DoS via Crafted Traffic in Palo Alto PAN-OS Network OS** Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities. | |
| CVE-2026-0237 | May 13, 2026 | **Palo Alto Networks Prisma Browser Auth CmdInv via AutoBr (CVE-2026-0237)** An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls. | |
| CVE-2026-0263 | May 13, 2026 | **Pan-OS IKEv2 Buffer Overflow Enables RCE** A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities. | |
| CVE-2026-0264 | May 13, 2026 | **PAN-OS DNS Buffer Overflow DoS / Remote Code Exec** A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability. | |
| CVE-2026-0265 | May 13, 2026 | **PAN-OS CAS Auth Bypass (CVE-2026-0265)** An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability. | |
| CVE-2026-0300 | May 06, 2026 | **PAN-OS User-ID Auth Captive Po Buffer Overflow Root Code Exec** A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. | |
| CVE-2026-0232 | Apr 13, 2026 | **Cortex XDR Agent Admin Bypass: Local Admin Can Disable Agent Protection** A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. | |
| CVE-2026-0233 | Apr 13, 2026 | **Palo Alto Autonomous Digital Experience Manager Windows Cert Validation RCE** A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. | |
| CVE-2026-0234 | Apr 13, 2026 | **Improper Cert Sig Verif in Palo Alto Cortex XSOAR/XSIAM Teams Integration** An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources. | |
| CVE-2026-0231 | Mar 11, 2026 | **Cortex XDR Broker VM Info Disclosure via UI (CVE-2026-0231)** An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue. | |
| CVE-2026-0230 | Mar 11, 2026 | **Local Admin Can Disable Palo Alto Cortex XDR on macOS** A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection. | |
| CVE-2026-0229 | Feb 11, 2026 | **PAN-OS ADNS DoS via Malicious Packet Causing System Reboot** A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW and Prisma Access® are not impacted by this vulnerability. | |
| CVE-2026-0228 | Feb 11, 2026 | **PAN-OS Improper Cert Validation Lets Windows TS Agents Use Expired Certs** An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. | |
| CVE-2026-0227 | Jan 15, 2026 | **PAN-OS DoS via Maintenance Mode Trigger** A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode. | |
| CVE-2025-4618 | Nov 14, 2025 | **Sensitive Info Disclosure in Palo Alto Prisma Browser** A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue. | |
| CVE-2025-4617 | Nov 14, 2025 | **Prisma Browser Windows Screenshot Bypass via Local Auth** An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue. | |
| CVE-2025-4616 | Nov 14, 2025 | **Palo Alto Prisma Browser: Local non-admin can bypass via input val flaw** An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser's security controls. | |
| CVE-2025-4619 | Nov 13, 2025 | **Palo Alto PAN-OS DoS Reboot via DataPlane Packet** A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process. | |
| CVE-2025-4615 | Oct 09, 2025 | **Authenticated Admin Bypass in PAN-OS Web UI CVE-2025-4615** An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | |
| CVE-2025-4614 | Oct 09, 2025 | **PAN-OS session token leakage allows admin impersonation (CVE-2025-4614)** An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | |
| CVE-2025-4234 | Sep 12, 2025 | **Cortex XDR M365 Defender Pack logs expose user creds** A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs. | |
| CVE-2025-4235 | Sep 12, 2025 | **Palo Alto User-ID Credential Agent: Service Account Password Disclosure** An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account's permissions. The impact varies by configuration: * Minimally Privileged Accounts: Enable disruption of User-ID Credential Agent operations (e.g., uninstalling or disabling the agent service), weakening network security policies that leverage Credential Phishing Prevention https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention under a Domain Credential Filter https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention/methods-to-check-for-corporate-credential-submissions configuration. * Elevated Accounts (Server Operator, Domain Join, Legacy Features): Permit increased impacts, including server control (e.g., shutdown/restart), domain manipulation (e.g., rogue computer objects), and network compromise via reconnaissance or client probing. | |
| CVE-2025-2183 | Aug 13, 2025 | **GlobalProtect Insufficient Cert Validation Enables Malicious Software** An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. | |
| CVE-2025-2182 | Aug 13, 2025 | **PAN-OS MACsec CAK Disclosure in PA-7500 NGFW Clusters** A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | |
| CVE-2025-2179 | Jul 29, 2025 | **Local Privilege Escalation: GlobalProtect App Linux Can Disable App** An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, macOS, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | |
| CVE-2025-0140 | Jul 09, 2025 | **Privilege Abuse Allows Non-Admin to Disable Palo Alto GlobalProtect on macOS** An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | |
| CVE-2025-4227 | Jun 13, 2025 | **Palo Alto GP Improper Access Control in Endpoint Traffic Policy Enforcement** An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute. | |
| CVE-2025-4232 | Jun 13, 2025 | **Palo Alto GlobalProtect: Wildcard Escalation in Log Collection** An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect app on macOS allows a non administrative user to escalate their privileges to root. | |
| CVE-2025-0135 | May 14, 2025 | **MacOS Priv. Escalation: GlobalProtect App Privilege Misassignment** An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | |