{"cve":{"cve_id":"CVE-2026-0250","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00208,"epss_percentile":0.10841,"epss_as_of":"2026-06-23","description":"A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtectâ„¢ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.\n\n\n\nThe GlobalProtect app on iOS is not affected.","published_at":"2026-05-13T18:26:51.927000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":5.2,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-787"],"nvd_references":["https://security.paloaltonetworks.com/CVE-2026-0250"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:46.251824Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"U","value_label":"Unchanged"},{"metric":"AU","name":"AU","value":"N","value_label":"None"},{"metric":"R","name":"R","value":"U","value_label":"Unchanged"},{"metric":"V","name":"V","value":"D","value_label":"D"},{"metric":"RE","name":"RE","value":"M","value_label":"M"},{"metric":"U","name":"U","value":"Amber","value_label":"Amber"}]},"affected":[{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"All","version_start_inclusive":true,"version_end":"All","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:All:All"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.2.0","version_start_inclusive":true,"version_end":"6.2.8-h10 (6.2.8-948)","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.2.0:6.2.8-h10 (6.2.8-948)"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.1","version_start_inclusive":true,"version_end":"6.1.13","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.1:6.1.13"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.3.0","version_start_inclusive":true,"version_end":"6.3.3-h2 (6.3.3-42)","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.3.0:6.3.3-h2 (6.3.3-42)"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.0.0","version_start_inclusive":true,"version_end":"6.0.11","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.0.0:6.0.11"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.0","version_start_inclusive":true,"version_end":"6.0.13","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.0:6.0.13"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.0","version_start_inclusive":true,"version_end":"6.0.14","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.0:6.0.14"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-app","product_name":"globalprotect_app","version_start":"6.3.0","version_start_inclusive":true,"version_end":"6.3.3-h9 (6.3.3-999)","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-app:6.3.0:6.3.3-h9 (6.3.3-999)"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"globalprotect-uwp-app","product_name":"GlobalProtect UWP App","version_start":"6.3","version_start_inclusive":true,"version_end":"6.3.3-h10","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:globalprotect-uwp-app:6.3:6.3.3-h10"}],"exploit_refs":[],"news":[],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0250","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-05-13T18:26:51.927000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"}]}