Prisma Access Agent: Local Privilege Escalation Vulnerability
Summary
| CVE | CVE-2026-0246 |
|---|---|
| State | PUBLISHED |
| Assigner | palo_alto |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-13 19:16:58 UTC |
| Updated | 2026-05-14 16:21:23 UTC |
| Description | A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS is not affected. |
Risk And Classification
Primary CVSS: v4.0 5.9 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
EPSS: 0.000060000 probability, percentile 0.003140000 (date 2026-05-25)
Problem Types: CWE-862 Missing Authorization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 5.9 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/C... |
| 4.0 | CNA | CVSS | 5.9 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/A... |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Palo Alto Networks | Prisma Access Agent | affected 26.2.1 custom | Linux |
| CNA | Palo Alto Networks | Prisma Access Agent | affected 26.2.1 custom | macOS |
| CNA | Palo Alto Networks | Prisma Access Agent | affected 26.2.1 custom | Windows |
| CNA | Palo Alto Networks | Prisma Access Agent | unaffected All custom | Android, ChromeOS, iOS |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.paloaltonetworks.com/CVE-2026-0246 | [email protected] | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-05-13T16:00:00.000Z | Initial publication. |
Solutions
CNA:
| Version | Minor Version | Suggested Solution |
|---|---|---|
| Prisma Access Agent on Linux | 25.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on macOS | 24.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on Windows | 24.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on Android | | No action needed |
| Prisma Access Agent on Chrome OS | | No action needed |
| Prisma Access Agent on iOS | | No action needed |
Workarounds
CNA: No known workarounds exist for this issue.
Exploits
CNA: Palo Alto Networks is not aware of any malicious exploitation of these issues.