{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-0250/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GlobalProtect App","GlobalProtect UWP App"],"_cs_severities":["medium"],"_cs_tags":["cve-2026-0250","buffer-overflow","man-in-the-middle"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003eA buffer overflow vulnerability, identified as CVE-2026-0250, affects the Palo Alto Networks GlobalProtect App. This vulnerability can be exploited by a man-in-the-middle attacker positioned to intercept network traffic between a GlobalProtect Portal and Gateway. Successful exploitation could allow the attacker to disrupt system processes or potentially execute arbitrary code with SYSTEM privileges on the affected endpoint. The vulnerability stems from improper handling of requests and responses exchanged between the Portal and Gateway. The GlobalProtect app on iOS is not affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker positions themselves in a man-in-the-middle position on the network between the GlobalProtect client and the GlobalProtect Portal/Gateway.\u003c/li\u003e\n\u003cli\u003eThe GlobalProtect client initiates a connection to the GlobalProtect Portal or Gateway.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the initial request from the GlobalProtect client.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious response containing a buffer overflow payload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious response to the GlobalProtect client.\u003c/li\u003e\n\u003cli\u003eThe GlobalProtect client processes the malicious response, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow allows the attacker to overwrite parts of memory, potentially corrupting system processes.\u003c/li\u003e\n\u003cli\u003eIf successful, the attacker gains the ability to execute arbitrary code with SYSTEM privileges, leading to full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0250 can lead to disruption of system processes on the affected endpoint, potentially causing denial of service. In a more severe scenario, the attacker could achieve arbitrary code execution with SYSTEM privileges, leading to complete system compromise. While Palo Alto Networks is not aware of any malicious exploitation of this issue, the potential impact is significant, as it could allow an attacker to gain full control of the affected system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GlobalProtect App on Windows to 6.3.3-h9 (6.3.3-999) or later, 6.2.8-h10 (6.2.8-948) or later, or 6.0.13 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003cli\u003eUpgrade GlobalProtect App on macOS to 6.3.3-h9 (6.3.3-999) or later, 6.2.8-h10 (6.2.8-948) or later, or 6.0.13 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003cli\u003eUpgrade GlobalProtect App on Linux to 6.3.3-h2 (6.3.3-42) or later, or 6.0.11 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003cli\u003eUpgrade GlobalProtect App on Android to 6.1.13 or later, or 6.0.14 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003cli\u003eUpgrade GlobalProtect App on ChromeOS to 6.1.13 or later, or 6.0.14 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003cli\u003eUpgrade GlobalProtect UWP App to 6.3.3-h10 or later to patch CVE-2026-0250.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:04:16Z","date_published":"2026-05-13T16:04:16Z","id":"https://feed.craftedsignal.io/briefs/2026-05-globalprotect-buffer-overflow/","summary":"CVE-2026-0250 is a medium severity buffer overflow vulnerability in Palo Alto Networks GlobalProtect App that could allow a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges by intercepting and manipulating requests and responses between the Portal and Gateway.","title":"CVE-2026-0250 Palo Alto Networks GlobalProtect App Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-globalprotect-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-0250","version":"https://jsonfeed.org/version/1.1"}