05-20-2026 05:17 AM
Can someone explain to me why the GlobalProtect App release notes don't list the CVE's addressed? These are changes made in the app that need to be in the release notes and it seems unnecessary to have to check two different sources for information.
The only place CVE's are listed for GlobalProtect seems to be here: https://security.paloaltonetworks.com/
Also, what is it with Palo Alto and seemingly Cisco too with 6.3.3-h10 being listed but then on other locations being listed with a build # such as c1011. Either call it one or the other but not both. The security site lists h11 now for a CVE that was showing 6.3.3-h10 the other day but since it isn't in any release notes it appears no one is being notified of this. If I hadn't checked today I'd have though deploying 6.3.3-h10 was going to fix https://security.paloaltonetworks.com/CVE-2026-0251 .
Sorry this is a bit of a rant so this is mainly intended for Palo Alto but good grief lets get some consistency. If you want to use both numbers use them both everywhere.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
