Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative...

EUVD-2025-7350

Malicious code in bioql PyPI...

EUVD-2025-14899

Malicious code in bioql PyPI...

EUVD-2024-49346

Malicious code in bioql PyPI...

EUVD-2024-49350

Malicious code in bioql PyPI...

CVE-2025-4232

CVE-2025-4232 (Palo Alto Networks GlobalProtect on macOS) is an privilege-escalation flaw in the log collection feature caused by improper neutralization of wildcards. The issue affects GlobalProtect app versions on macOS prior to 6.2.8-h2 (and 6.3.x prior to 6.3.3 per Nessus plugin) and can allo...

CVE-2025-0133

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

CVE-2025-0133

PAN-OS CVE-2025-0133 describes a reflected XSS in the GlobalProtect gateway and portal, exploitable by an authenticated Captive Portal user via a specially crafted link to execute malicious JavaScript in the user’s browser. The primary risk is phishing/credential theft, with limited confidentiali...

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect, which stems from an issue with a privileg...

PT-2025-16006 · Palo Alto Networks · Globalprotect

Name of the Vulnerable Software and Affected Versions: GlobalProtect versions affected versions not specified Description: A session fixation issue in the GlobalProtect login, when configured using SAML, allows an attacker to impersonate a legitimate authorized user. This requires the legitimate...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that stems from a reliance on untrustworth...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that originates from a remote attacker bei...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect. An attacker could exploit the vulnerabili...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that originates from the ability of an unprivileged user to...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that allows an attacker with authenticated access to the...

Vulnerabilities fixed in PAN OS

Palo Alto has fixed several vulnerabilities in PAN OS. The most serious vulnerability, with attribute CVE-2020-2050, is rated by Palo Alto rated with a CVSS score of 8.2 and is located in the GlobalProtect SSL VPN component. An unauthenticated malicious party can remotely exploit this vulnerabili...