QSearchQSearch

CVE-2021-3038

5.5 MEDIUM

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send ...

Published: 2021-04-20 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.5 MEDIUM
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-20, CWE-248

Affected products

VendorProduct
paloaltonetworksglobalprotect

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-0257 Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
  • CVE-2025-0130 A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to... (7.5 HIGH)
  • CVE-2021-3057 A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker ... (8.1 HIGH)
  • CVE-2021-3055 An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an au... (6.5 MEDIUM)
  • CVE-2021-3054 A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authentica... (7.2 HIGH)

Same CWE

  • CVE-2026-12191 A vulnerability was found in Comma AI Openpilot 0.11 (7.8 HIGH)
  • CVE-2026-45013 ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
  • CVE-2026-54133 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
  • CVE-2026-47196 Quest Bot is an opensource Discord Bot
  • CVE-2026-50633 A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)