CVE-2026-0251 is a local privilege escalation vulnerability in GlobalProtect App versions 6.0, 6.2, and 6.3 across Windows, macOS, and Linux, allowing any locally authenticated user to achieve SYSTEM or root via untrusted search path exploitation. Vendor patches are reported available or imminent. The vendor-reported CVSS base of 5.0 (Medium) warrants scrutiny given the cross-platform scope and full privilege escalation outcome; verify the official NVD vector before using the Medium rating for deprioritization.