Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Primary rating from Vendor (palo_alto) · only source for this CVE.
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.
The Prisma Access Agent on iOS, Android and Chrome OS are not affected.
AnalysisAI
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.
Technical ContextAI
The root cause is CWE-862 (Missing Authorization), where the Prisma Access Agent's privilege management subsystem fails to enforce proper authorization before elevating a requesting user's privileges. The agent operates as a privileged system service on macOS, Linux, and Windows to enforce enterprise network security policies, and its elevated runtime context is what makes a missing authorization check dangerous - an unprivileged caller can abuse a privileged service endpoint without the system verifying they are entitled to do so. CPE data (cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:*:*:*) confirms all agent versions prior to 26.2.1 across those three platforms are affected. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) indicates no special attack prerequisites beyond a low-privilege local account - consistent with an unauthenticated or improperly guarded IPC call, privilege API, or inter-process communication channel exposed by the running agent service.
RemediationAI
Upgrade Palo Alto Networks Prisma Access Agent to version 26.2.1 or later, which contains the vendor-released fix; the exact fix version is confirmed via EUVD-2026-30097 affected version range ('Prisma Access Agent 0 < 26.2.1') and the vendor advisory at https://security.paloaltonetworks.com/CVE-2026-0246. If immediate patching is not operationally feasible, reduce the attack surface by auditing and minimizing the number of non-administrative local user accounts on systems running the agent - this does not eliminate the vulnerability but shrinks the pool of potential local exploiters. Enabling endpoint detection rules for unexpected privilege escalation events (e.g., processes acquiring root or SYSTEM authority from non-privileged parent processes) can surface exploitation attempts. No action is required for Prisma Access Agent deployments on iOS, Android, or Chrome OS.
More in Prisma Access Agent
View allImproper certificate validation in Palo Alto Networks Prisma Access Agent versions below 26.2.1 on Android and Chrome OS
Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged us
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated
Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access A
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to inte
Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to
Prisma Access Agent on Windows and macOS exposes sensitive configuration data and credentials to local low-privileged us
Same weakness CWE-862 – Missing Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30097
GHSA-mjp7-qvjx-36p7