Palo Alto Networks disclosed CVE-2026-0251, a local privilege escalation vulnerability in the GlobalProtect App affecting versions 6.0.x, 6.2.x, and 6.3.x on Windows, macOS, and Linux. Any low-privileged local user can escalate to SYSTEM or root with no special prerequisites. No active exploitation has been reported and no CISA KEV listing exists, but GlobalProtect is a high-privilege trusted security agent deployed broadly across enterprise endpoints, making it a meaningful lateral movement enabler in insider threat or compromised-account scenarios.