GlobalProtect App: Information Exposure Vulnerability on macOS
Monitor | CVSS 6.9 | CVE-2026-0267 | Jun 10, 2026
Palo Alto Networks
IT in OT - Palo Alto firewalls are commonly deployed at IT/OT network boundaries
Summary
An information exposure vulnerability in Palo Alto Networks GlobalProtect app on macOS allows a local user to discover the passcode used to control app disable, disconnect, and uninstall functions. Once the passcode is known, the user can perform these actions regardless of the configured security policy, potentially removing VPN protection and endpoint security enforcement.
What this means
What could happen
A local user on a macOS device can discover the passcode that controls GlobalProtect app settings, then disable or uninstall the VPN client without authorization, losing remote access protection and endpoint security coverage.
Who's at risk
Organizations using GlobalProtect VPN client on macOS devices for remote workforce protection, particularly those where endpoint security relies on preventing user disablement of the client. This affects any enterprise with macOS-based remote workers or contractors.
How it could be exploited
An attacker with local access to a macOS device can read the configured passcode from the GlobalProtect app configuration, then use it to disable, disconnect, or uninstall the app. This removes VPN protection and allows the attacker to operate on an unprotected network segment.
Prerequisites
- Local user access to macOS device running GlobalProtect App
- GlobalProtect App configured with a passcode to control uninstall/disable functionality
local access required | low complexity exploitation | affects remote access security | passcode disclosure enables unauthorized uninstall
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (7)
2 with fix, 5 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| GlobalProtect App | Below 6.3.3-h1 on macOS | 6.3.3-h1 on macOS+ |
| GlobalProtect App | Below 6.2.8-h2 on macOS | 6.2.8-h2 on macOS+ |
| GlobalProtect UWP App | None on Windows | No fix yet |
| GlobalProtect UWP App | Linux | No fix yet |
| GlobalProtect UWP App | iOS | No fix yet |
| GlobalProtect UWP App | Android | No fix yet |
| GlobalProtect UWP App | Chrome OS | No fix yet |
Remediation & Mitigation
Do now
GlobalProtect App
HARDENING: On PAN-OS firewall or Panorama, configure GlobalProtect Portal Agent settings: Network > GlobalProtect > Portals > [portal-name] > Agent > [agent-config] > App > set 'Allow User to Uninstall GlobalProtect App' to 'Disallow'
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
GlobalProtect App
HOTFIX: Update GlobalProtect App on macOS to version 6.3.3-h1 or later (or 6.2.8-h2 if on the 6.2 branch)
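A fleet triage check against the fixed macOS versions listed above, as an added example that is not part of the advisory or of any Palo Alto Networks tooling. It assumes version strings of the form X.Y.Z or X.Y.Z-hN, that a build without a hotfix suffix sorts below its -h1, and that installs outside the 6.2 branch are measured against 6.3.3-h1; the hostnames and inventory are constructed.

```python
import re

# Fixed macOS builds from the advisory table, keyed by (major, minor) branch.
FIXED = {(6, 2): "6.2.8-h2", (6, 3): "6.3.3-h1"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse_version(text):
    """Turn '6.3.3-h1' into (6, 3, 3, 1); a missing hotfix counts as h0 (assumption)."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised GlobalProtect version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def status(version):
    """Return 'affected', 'fixed' or 'unknown' for a macOS app version string."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # do not guess: send to manual review
    # The 6.2 branch is fixed at 6.2.8-h2; every other branch is
    # compared with 6.3.3-h1 (assumption drawn from the remediation text).
    fixed = parse_version(FIXED.get(v[:2], FIXED[(6, 3)]))
    return "fixed" if v >= fixed else "affected"


def triage(inventory):
    """Return (host, version, status) for every host that is not confirmed fixed."""
    rows = [(host, ver, status(ver)) for host, ver in inventory]
    return [row for row in rows if row[2] != "fixed"]


# Constructed sample inventory: (hostname, reported GlobalProtect version).
INVENTORY = [
    ("mac-001", "6.3.3"),
    ("mac-002", "6.3.3-h1"),
    ("mac-003", "6.2.8-h1"),
    ("mac-004", "6.2.8-h2"),
    ("mac-005", "6.2.9"),
    ("mac-006", "6.1.4"),
    ("mac-007", "n/a"),
]

if __name__ == "__main__":
    for host, ver, state in triage(INVENTORY):
        print(f"{host}\t{ver}\t{state}")
```

Hosts reported as `unknown` did not return a parseable version and need a manual check rather than being counted as fixed.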
CVEs (1)