GlobalProtect CVE-2026-0249 Improper Cert Validation Traffic Intercept
CVE-2026-0249 Published on May 13, 2026
GlobalProtect App: Certificate Validation Bypass Vulnerabilities
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.
The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.
Timeline
Initial publication.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-0249
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect App? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 6.3.0 and below 6.3.3-h9 (6.3.3-999) is affected.
- Version 6.2.0 and below 6.2.8-h10 (6.2.8-948) is affected.
- Version 6.1.0 and below 6.1.13 is affected.
- Version 6.0.0 and below 6.0.14 is affected.
- Version 6.0.0 and below 6.0.13 is affected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.