CVE-2026-0250 is a CWE-787 out-of-bounds write in GlobalProtect App versions 6.0 through 6.3 across all major platforms, exploitable by an adjacent-network attacker performing a man-in-the-middle attack to achieve SYSTEM-level code execution on endpoints. CVSS is 5.0 (Medium) with EPSS in the bottom 1% and no confirmed exploitation. Patches are released on a staggered schedule across platforms; confirm availability for your specific platform before scheduling deployment.