Skip to main content

Prisma Access Agent CVE-2026-0277

| EUVDEUVD-2026-42689 MEDIUM
Improper Certificate Validation (CWE-295)
2026-07-09 palo_alto GHSA-pf7c-mm8v-94pp
5.7
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
vuln.today AI
7.5 HIGH

Adjacent network required for MitM; AC:H reflects AT:P precondition; scope changes as intercepted traffic affects downstream enterprise systems.

3.1 AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
4.0 AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (palo_alto).

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 21:01 EUVD
Analysis Generated
Jul 09, 2026 - 20:25 vuln.today
CVE Published
Jul 09, 2026 - 19:14 cve.org
MEDIUM 5.7

DescriptionCVE.org

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.

The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

AnalysisAI

Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Position on victim's adjacent network
Delivery
Intercept VPN tunnel initiation from iOS device
Exploit
Present fraudulent TLS certificate
Execution
Bypass improper certificate validation in Prisma Access Agent
Impact
Decrypt and read or modify intercepted VPN traffic

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) The victim must be running the Prisma Access Agent specifically on an iOS device - agents on all other platforms are explicitly not vulnerable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score is 5.7 (Medium), driven by an adjacent-network attack vector (AV:A), which meaningfully limits the attacker pool relative to a fully remote vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sets up a rogue Wi-Fi access point or performs ARP spoofing on a shared corporate or public network where an iOS user running the Prisma Access Agent is connected. When the victim's iOS device initiates or re-establishes the VPN tunnel, the attacker intercepts the certificate exchange, presents a fraudulent certificate that the agent fails to reject, and decrypts or tampers with the resulting VPN traffic. …
Remediation Consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0277 for the patched version of the Prisma Access Agent for iOS, as a specific fixed version is not identified in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-0277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy