Main Vulnerability Database Vulnerabilities #VU134586

Inclusion of Sensitive Information in Log Files in GlobalProtect App for macOS - CVE-2026-0267

Published: June 16, 2026

Vulnerability identifier: #VU134586

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-0267

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Palo Alto Networks, Inc.

Affected software:
GlobalProtect App for macOS

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to insertion of sensitive information into log files in the GlobalProtect app on macOS when storing configured passcodes for app control actions. A local user can read the configured passcodes for disabling, disconnecting, or uninstalling the app to disclose sensitive information.

Only deployments with the "Allow User to Uninstall GlobalProtect App" option set to "Allow with Password" are vulnerable.

How to mitigate CVE-2026-0267

Install security update from vendor's website.

Sources

https://security.paloaltonetworks.com/CVE-2026-0267

Inclusion of Sensitive Information in Log Files in GlobalProtect App for macOS - CVE-2026-0267

Detailed vulnerability description

How to mitigate CVE-2026-0267

Sources

Please verify you're human