{"api_version":"1","generated_at":"2026-06-03T06:12:50+00:00","cve":"CVE-2026-0246","urls":{"html":"https://cve.report/CVE-2026-0246","api":"https://cve.report/api/cve/CVE-2026-0246.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0246","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0246"},"summary":{"title":"Prisma Access Agent: Local Privilege Escalation Vulnerability","description":"A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-05-13 19:16:58","updated_at":"2026-05-14 16:21:23"},"problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0246","name":"https://security.paloaltonetworks.com/CVE-2026-0246","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0246","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0246","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["macOS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["Windows"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"unaffected All custom","platforms":["Android","ChromeOS","iOS"]}],"timeline":[{"source":"CNA","time":"2026-05-13T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"Version  Minor Version  Suggested Solution\nPrisma Access Agent on Linux  25.0 through 26.2  Upgrade to 26.2.1  or later.\nPrisma Access Agent on macOS  24.0 through 26.2  Upgrade to 26.2.1  or later.\nPrisma Access Agent on Windows  24.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent on Android    No action needed\nPrisma Access Agent on Chrome OS    No action needed\nPrisma Access Agent on iOS    No action needed","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of these issues.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"246","cve":"CVE-2026-0246","epss":"0.000060000","percentile":"0.003140000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0246","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-13T19:27:51.920973Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-13T19:30:50.538Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["macOS"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android","ChromeOS","iOS"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No special configuration is required.</p>"}],"value":"No special configuration is required."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:linux:*:*:*:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:macos:*:*:*:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:android:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:chromeos:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}],"datePublic":"2026-05-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.</p><p>The Prisma Access Agent on iOS, Android and Chrome OS are not affected.</p>"}],"value":"A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Palo Alto Networks is not aware of any malicious exploitation of these issues.</p>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of these issues."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T18:51:06.275Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0246"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table><tbody><tr><td>Version</td><td>Minor Version</td><td>Suggested Solution</td></tr><tr><td>Prisma Access Agent on Linux</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1  or later.</td></tr><tr><td>Prisma Access Agent on macOS</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1  or later.</td></tr><tr><td>Prisma Access Agent on Windows</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on Android</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Chrome OS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on iOS</td><td><br></td><td>No action needed</td></tr></tbody></table>"}],"value":"Version  Minor Version  Suggested Solution\nPrisma Access Agent on Linux  25.0 through 26.2  Upgrade to 26.2.1  or later.\nPrisma Access Agent on macOS  24.0 through 26.2  Upgrade to 26.2.1  or later.\nPrisma Access Agent on Windows  24.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent on Android    No action needed\nPrisma Access Agent on Chrome OS    No action needed\nPrisma Access Agent on iOS    No action needed"}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-05-13T16:00:00.000Z","value":"Initial publication."}],"title":"Prisma Access Agent: Local Privilege Escalation Vulnerability","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No known workarounds exist for this issue.</p>"}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["Prisma Access Agent   26.2.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0246","datePublished":"2026-05-13T18:51:06.275Z","dateReserved":"2025-11-03T20:44:07.240Z","dateUpdated":"2026-05-13T19:30:50.538Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:16:58","lastModifiedDate":"2026-05-14 16:21:23","problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"246","Ordinal":"1","Title":"Prisma Access Agent: Local Privilege Escalation Vulnerability","CVE":"CVE-2026-0246","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"246","Ordinal":"1","NoteData":"A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected.","Type":"Description","Title":"Prisma Access Agent: Local Privilege Escalation Vulnerability"}]}}}