CVE-2026-0249
Published 2026-05-13
CVE-2026-0249: Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications…
Priority: P4 (23) · medium · CVSS 4.0 base score 4.9
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
EPSS: 0.11% (1.6th percentile)
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user, or an attacker on the same subnet, to redirect traffic to an unauthorized server and facilitate the installation of malicious software.
The GlobalProtect app on Linux, Windows and iOS, and the GlobalProtect UWP app, are not affected.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 6.0.0 < 6.0.14 | 6.0.14 |
| palo_alto_networks | globalprotect_app | >= 6.0.0 < 6.0.13 | 6.0.13 |
| palo_alto_networks | globalprotect_app | >= 6.1.0 < 6.1.13 | 6.1.13 |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.8-h10 (6.2.8-948) | 6.2.8-h10 (6.2.8-948) |
| palo_alto_networks | globalprotect_app | >= 6.3.0 < 6.3.3-h9 (6.3.3-999) | 6.3.3-h9 (6.3.3-999) |
| paloalto | globalprotect_app | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 4.0 | 4.9 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber |
| cisa | — | 8.8 | HIGH | — |
CISA
CVE-2010-0249 [HIGH] CWE-416: Microsoft Internet Explorer Use-After-Free Vulnerability
cisa · 2026-05-20 · CVSS 8.8
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
Remediation Due Date: 2026-06-03
Palo Alto
CVE-2026-0249 [MEDIUM] CWE-295: GlobalProtect App: Certificate Validation Bypass Vulnerabilities
vendor_paloalto · CVSS 4.9
Affected products: GlobalProtect App
Solution:
| Version | Minor Version | Suggested Solution |
|---|---|---|
| GlobalProtect App 6.1 on Android | 6.1.0 through 6.1.12 | Upgrade to 6.1.13 or later. |
| GlobalProtect App 6.0 on Android | 6.0.0 through 6.0.13 | Upgrade to 6.0.14 |
GHSA
CVE-2026-0249 [MEDIUM] CWE-295: GHSA-h3p8-5g8q-vm3h: Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted commu…
ghsa_unreviewed · 2026-05-13
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-13