CVE-2026-0267: CWE-532 Insertion of Sensitive Information into Log File in Palo Alto Networks GlobalProtect App
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-0267) involves the insertion of sensitive information, specifically configured passcodes, into log files by the GlobalProtect app on macOS. A local attacker with limited privileges can read these logs to obtain passcodes that control disabling, disconnecting, or uninstalling the app. With these passcodes, the attacker can circumvent configuration restrictions and perform these actions unauthorized. The vulnerability is classified under CWE-532 (Insertion of Sensitive Information into Log File). There is no vendor advisory or patch currently available, and no known exploits in the wild have been reported.
Potential Impact
An attacker with local access to the affected macOS system can obtain sensitive passcodes from log files, enabling them to disable, disconnect, or uninstall the GlobalProtect app regardless of configuration restrictions. This could undermine endpoint security controls enforced by the app, potentially exposing the system to further compromise or loss of VPN connectivity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local user access to the affected system and monitor for unauthorized attempts to disable or uninstall the GlobalProtect app. Avoid exposing log files containing sensitive information to untrusted users.
CVE-2026-0267: CWE-532 Insertion of Sensitive Information into Log File in Palo Alto Networks GlobalProtect App
Description
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
CVSS v4.0
Score 4.4medium
Affected software
pkg:github/palo_alto_networks/globalprotect_appcpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-0267) involves the insertion of sensitive information, specifically configured passcodes, into log files by the GlobalProtect app on macOS. A local attacker with limited privileges can read these logs to obtain passcodes that control disabling, disconnecting, or uninstalling the app. With these passcodes, the attacker can circumvent configuration restrictions and perform these actions unauthorized. The vulnerability is classified under CWE-532 (Insertion of Sensitive Information into Log File). There is no vendor advisory or patch currently available, and no known exploits in the wild have been reported.
Potential Impact
An attacker with local access to the affected macOS system can obtain sensitive passcodes from log files, enabling them to disable, disconnect, or uninstall the GlobalProtect app regardless of configuration restrictions. This could undermine endpoint security controls enforced by the app, potentially exposing the system to further compromise or loss of VPN connectivity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local user access to the affected system and monitor for unauthorized attempts to disable or uninstall the GlobalProtect app. Avoid exposing log files containing sensitive information to untrusted users.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- palo_alto
- Date Reserved
- 2025-11-03T20:44:27.401Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a29d0220e53e7388398699d
Added to database: 6/10/2026, 8:59:14 PM
Last enriched: 6/10/2026, 9:28:51 PM
Last updated: 6/11/2026, 12:07:10 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.