{"api_version":"1","generated_at":"2026-06-03T09:12:21+00:00","cve":"CVE-2026-0248","urls":{"html":"https://cve.report/CVE-2026-0248","api":"https://cve.report/api/cve/CVE-2026-0248.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0248","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0248"},"summary":{"title":"Prisma Access Agent: Improper Certificate Validation Vulnerability","description":"An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.\n\n\n\nThe Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-05-13 19:16:58","updated_at":"2026-05-14 16:21:23"},"problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"6.2","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"6.2","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber","data":{"Automatable":"YES","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.2,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0248","name":"https://security.paloaltonetworks.com/CVE-2026-0248","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0248","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0248","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["Android","Chrome OS"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"unaffected All custom","platforms":["iOS","Linux","macOS","Windows"]}],"timeline":[{"source":"CNA","time":"2026-05-13T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"Version  Minor Version  Suggested Solution\nPrisma Access Agent on Android  25.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent Chrome OS  25.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent on iOS    No action needed\nPrisma Access Agent on Linux    No action needed\nPrisma Access Agent on macOS    No action needed\nPrisma Access Agent on Windows    No action needed","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"248","cve":"CVE-2026-0248","epss":"0.000060000","percentile":"0.003820000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0248","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-13T19:17:42.438347Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-13T19:29:24.329Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Android","Chrome OS"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["iOS","Linux","macOS","Windows"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No special configuration is required.</p>"}],"value":"No special configuration is required."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:android:*:*:*:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"0","vulnerable":true},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:chrome_os:*:*:*:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:linux:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:windows:*:*:*:*:*","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}],"datePublic":"2026-05-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.</p><p>The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.</p>"}],"value":"An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.\n\n\n\nThe Prisma Access Agent on macOS, Windows, Linux and iOS are not affected."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Adversary in the Middle (AiTM)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.2,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T19:05:00.190Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0248"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table class=\"tbl\"><tr><td>Version</td><td>Minor Version</td><td>Suggested Solution</td></tr><tr><td>Prisma Access Agent on Android</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent Chrome OS</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on iOS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Linux</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on macOS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Windows</td><td><br></td><td>No action needed</td></tr></table>"}],"value":"Version  Minor Version  Suggested Solution\nPrisma Access Agent on Android  25.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent Chrome OS  25.0 through 26.2  Upgrade to 26.2.1 or later.\nPrisma Access Agent on iOS    No action needed\nPrisma Access Agent on Linux    No action needed\nPrisma Access Agent on macOS    No action needed\nPrisma Access Agent on Windows    No action needed"}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-05-13T16:00:00.000Z","value":"Initial publication."}],"title":"Prisma Access Agent: Improper Certificate Validation Vulnerability","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No known workarounds exist for this issue.</p>"}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["Prisma Access Agent   26.2.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0248","datePublished":"2026-05-13T19:05:00.190Z","dateReserved":"2025-11-03T20:44:09.168Z","dateUpdated":"2026-05-13T19:29:24.329Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 19:16:58","lastModifiedDate":"2026-05-14 16:21:23","problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"248","Ordinal":"1","Title":"Prisma Access Agent: Improper Certificate Validation Vulnerabili","CVE":"CVE-2026-0248","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"248","Ordinal":"1","NoteData":"An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.\n\n\n\nThe Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.","Type":"Description","Title":"Prisma Access Agent: Improper Certificate Validation Vulnerabili"}]}}}