CVE-2026-0250 MEDIUM

CVE-2026-0250: GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

Vendor Palo Alto Networks
Product GlobalProtect App
Weakness CWE-787
Published May 13, 2026
Last update May 14, 2026

CVSS base score

5.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 14, 2026 Record updated