{"api_version":"1","generated_at":"2026-06-22T20:26:06+00:00","cve":"CVE-2026-0271","urls":{"html":"https://cve.report/CVE-2026-0271","api":"https://cve.report/api/cve/CVE-2026-0271.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0271","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0271"},"summary":{"title":"Prisma Access Agent: Local Privilege Escalation by Authorized Users","description":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-06-10 22:16:54","updated_at":"2026-06-11 15:21:30"},"problem_types":["CWE-732","CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","data":{"Automatable":"NO","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0271","name":"https://security.paloaltonetworks.com/CVE-2026-0271","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0271","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0271","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"affected 26.2.1 custom","platforms":["Linux"]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Prisma Access Agent","version":"unaffected All custom","platforms":["macOS","Windows","iOS","Android","Chrome OS"]}],"timeline":[{"source":"CNA","time":"2026-06-10T16:00:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[{"source":"CNA","title":"","value":"VERSION                                MINOR VERSION         SUGGESTED SOLUTION\nPrisma Access Agent on Linux           25.7 through 26.2.0   Upgrade to 26.2.1 or later.\nPrisma Access Agent All on macOS                             No action needed.\nPrisma Access Agent All on Windows                           No action needed.\nPrisma Access Agent All on iOS                               No action needed.\nPrisma Access Agent All on Android                           No action needed.\nPrisma Access Agent All on Chrome OS                         No action needed.","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"271","cve":"CVE-2026-0271","epss":"0.001070000","percentile":"0.013700000","score_date":"2026-06-17","updated_at":"2026-06-18 00:11:05"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0271","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-11T13:48:10.520535Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-11T13:48:17.999Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"26.2.1","status":"unaffected"}],"lessThan":"26.2.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["macOS","Windows","iOS","Android","Chrome OS"],"product":"Prisma Access Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"No special configuration is required to be affected by this issue."}],"value":"No special configuration is required to be affected by this issue."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*","versionEndExcluding":"26.2.1","versionStartIncluding":"26.2.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"other","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}],"datePublic":"2026-06-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.</p><p>This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.</p>"}],"value":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.9,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732 Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-10T20:59:51.879Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0271"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n                                    <td>Prisma Access Agent on Linux<br></td>\n                                    <td>25.7 through 26.2.0</td>\n                                    <td>Upgrade to 26.2.1 or later.</td>\n                                </tr><tr><td>Prisma Access Agent All on macOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Windows<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on iOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Android<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Chrome OS<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}],"value":"VERSION                                MINOR VERSION         SUGGESTED SOLUTION\nPrisma Access Agent on Linux           25.7 through 26.2.0   Upgrade to 26.2.1 or later.\nPrisma Access Agent All on macOS                             No action needed.\nPrisma Access Agent All on Windows                           No action needed.\nPrisma Access Agent All on iOS                               No action needed.\nPrisma Access Agent All on Android                           No action needed.\nPrisma Access Agent All on Chrome OS                         No action needed."}],"source":{"discovery":"INTERNAL"},"timeline":[{"lang":"en","time":"2026-06-10T16:00:00.000Z","value":"Initial publication."}],"title":"Prisma Access Agent: Local Privilege Escalation by Authorized Users","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"No known workarounds exist for this issue."}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["Prisma Access Agent   26.2.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0271","datePublished":"2026-06-10T20:59:51.879Z","dateReserved":"2025-11-03T20:44:31.121Z","dateUpdated":"2026-06-11T13:48:17.999Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-10 22:16:54","lastModifiedDate":"2026-06-11 15:21:30","problem_types":["CWE-732","CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"271","Ordinal":"1","Title":"Prisma Access Agent: Local Privilege Escalation by Authorized Us","CVE":"CVE-2026-0271","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"271","Ordinal":"1","NoteData":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","Type":"Description","Title":"Prisma Access Agent: Local Privilege Escalation by Authorized Us"}]}}}