Palo Alto GlobalProtect Local Priv Escal to SYSTEM/ROOT
CVE-2026-0251 Published on May 13, 2026
GlobalProtect App: Local Privilege Escalation Vulnerabilities
Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.
The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Timeline
Initial publication.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2026-0251 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2026-0251
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect App? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 6.3.0 and below 6.3.3-h9 (6.3.3-999) is affected.
- Version 6.2.0 and below 6.2.8-h10 (6.2.8-948) is affected.
- Version 6.0.0 and below 6.0.13 is affected.
- Version 6.3.0 and below 6.3.3-h9 (6.3.3-999) is affected.
- Version 6.2.0 and below 6.2.8-h10 (6.2.8-948) is affected.
- Version 6.0.0 and below 6.0.13 is affected.
- Version 6.3.0 and below 6.3.3-h2 (6.3.3-42) is affected.
- Version 6.0.0 and below 6.0.11 is affected.
- Version All is unaffected.