Vulnerability in Palo Alto Networks Globalprotect App

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administra…

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (0.6th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Globalprotect App — versions 6.3.0, 6.2.0, 6.1.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

psirt@paloaltonetworks.com (vendor-advisory)