{"api_version":"1","generated_at":"2026-06-22T23:39:28+00:00","cve":"CVE-2026-0268","urls":{"html":"https://cve.report/CVE-2026-0268","api":"https://cve.report/api/cve/CVE-2026-0268.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0268","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0268"},"summary":{"title":"Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux","description":"A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-06-10 22:16:53","updated_at":"2026-06-11 15:21:30"},"problem_types":["CWE-424","CWE-424 CWE-424 Improper Protection of Alternate Path"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"4.4","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":4.4,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0268","name":"https://security.paloaltonetworks.com/CVE-2026-0268","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0268","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0268","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"unaffected All custom","platforms":["Windows","macOS","iOS","Android","Chrome OS"]}],"timeline":[{"source":"CNA","time":"2026-06-10T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"VERSION                                MINOR VERSION         SUGGESTED SOLUTION\nPrisma Access Agent on Linux           25.7 through 26.2.0   Upgrade to 26.2.1 or later.\nPrisma Access Agent All on Windows                           No action needed.\nPrisma Access Agent All on macOS                             No action needed.\nPrisma Access Agent All on iOS                               No action needed.\nPrisma Access Agent All on Android                           No action needed.\nPrisma Access Agent All on Chrome OS                         No action needed.","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"There are no known workarounds for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"our internal security research teams","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"268","cve":"CVE-2026-0268","epss":"0.001150000","percentile":"0.018170000","score_date":"2026-06-17","updated_at":"2026-06-18 00:11:05"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0268","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-11T13:57:46.995690Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-11T13:57:54.692Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows","macOS","iOS","Android","Chrome OS"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"No special configuration is required."}],"value":"No special configuration is required."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"26.2.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"our internal security research teams"}],"datePublic":"2026-06-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p><span>A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.</span></p><p><span>This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.</span></p>"}],"value":"A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-180","descriptions":[{"lang":"en","value":"CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":4.4,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-424","description":"CWE-424 Improper Protection of Alternate Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-10T20:40:11.198Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0268"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n                                    <td>Prisma Access Agent   on Linux<br></td>\n                                    <td>25.7 through 26.2.0</td>\n                                    <td>Upgrade to 26.2.1 or later.</td>\n                                </tr><tr><td>Prisma Access Agent All on Windows<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on macOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on iOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Android<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Chrome OS<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}],"value":"VERSION                                MINOR VERSION         SUGGESTED SOLUTION\nPrisma Access Agent on Linux           25.7 through 26.2.0   Upgrade to 26.2.1 or later.\nPrisma Access Agent All on Windows                           No action needed.\nPrisma Access Agent All on macOS                             No action needed.\nPrisma Access Agent All on iOS                               No action needed.\nPrisma Access Agent All on Android                           No action needed.\nPrisma Access Agent All on Chrome OS                         No action needed."}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-06-10T16:00:00.000Z","value":"Initial publication."}],"title":"Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue."}],"value":"There are no known workarounds for this issue."}],"x_affectedList":["Prisma Access Agent   26.2.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0268","datePublished":"2026-06-10T20:40:11.198Z","dateReserved":"2025-11-03T20:44:28.362Z","dateUpdated":"2026-06-11T13:57:54.692Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-10 22:16:53","lastModifiedDate":"2026-06-11 15:21:30","problem_types":["CWE-424","CWE-424 CWE-424 Improper Protection of Alternate Path"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"268","Ordinal":"1","Title":"Prisma Access Agent: Local Authenticated VPN Enforcement Bypass ","CVE":"CVE-2026-0268","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"268","Ordinal":"1","NoteData":"A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","Type":"Description","Title":"Prisma Access Agent: Local Authenticated VPN Enforcement Bypass "}]}}}