GlobalProtect macOS Passcode Disclosure Vulnerability
CVE-2026-0267 Published on June 10, 2026
GlobalProtect App: Information Exposure Vulnerability on macOS
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Timeline
Initial publication
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-0267
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect App? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 6.3.0 and below 6.3.3-h1 is affected.
- Version 6.2.0 and below 6.2.8-h2 is affected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.