Zero Day MonitorZDM

← Back to list

—

CVE-2026-0250EXPLOITEDPATCHED

palo alto networks · globalprotect

GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

Description

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

Affected Products

Vendor	Product	Versions
palo alto networks	globalprotect	6.3.0, 6.2.0, 6.1, 6.3.0, 6.0.0, 6.0, 6.0, 6.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
palo alto networks	globalprotect	cert_advisory	90%

References

https://security.paloaltonetworks.com/CVE-2026-0250(vendor-advisory)

Related News (3 articles)

Tier B

BSI Advisories20d ago

[NEU] [hoch] Palo Alto Networks GlobalProtect App: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR20d ago

Multiples vulnérabilités dans les produits Palo Alto Networks (15 mai 2026)

→ No new info (linked only)

Tier C

VulDB21d ago

CVE-2026-0250 | Palo Alto GlobalProtect App/GlobalProtect UWP App prior 6.3.3-h9 (6.3.3-999) out-of-bounds write

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

6.3.3-h9 (6.3.3-999)

CWECWE-787

PublishedMay 13, 2026

Last enriched20d agov3

Trending Score4

Source articles3

Independent3

Info Completeness9/14

Missing: cvss, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-0257EXP

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

NONECVE-2026-0300EXP

PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

NONECVE-2026-0264

PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

NONECVE-2026-0265

PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

NONECVE-2026-0263

PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 13, 2026

Discovered by ZDM

May 13, 2026

Updated: description, severity, patchAvailable

May 13, 2026

Actively Exploited

May 14, 2026

Exploit Available

May 14, 2026

Patch Available

May 14, 2026

Updated: severity, exploitAvailable, activelyExploited

May 15, 2026

Version History

v3

Last enriched 20d ago

v3Tier B20d ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

severityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C21d ago

Updated severity to CRITICAL, added new description details, and corrected patch available version.

descriptionseveritypatchAvailable

via VulDB

v121d ago

Initial creation