Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Adjacent network required for MitM; AC:H reflects AT:P precondition; scope changes as intercepted traffic affects downstream enterprise systems.
Primary rating from Vendor (palo_alto).
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
AnalysisAI
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) The victim must be running the Prisma Access Agent specifically on an iOS device - agents on all other platforms are explicitly not vulnerable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score is 5.7 (Medium), driven by an adjacent-network attack vector (AV:A), which meaningfully limits the attacker pool relative to a fully remote vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sets up a rogue Wi-Fi access point or performs ARP spoofing on a shared corporate or public network where an iOS user running the Prisma Access Agent is connected. When the victim's iOS device initiates or re-establishes the VPN tunnel, the attacker intercepts the certificate exchange, presents a fraudulent certificate that the agent fails to reject, and decrypts or tampers with the resulting VPN traffic. … |
| Remediation | Consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0277 for the patched version of the Prisma Access Agent for iOS, as a specific fixed version is not identified in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Prisma Access Agent
View allImproper certificate validation in Palo Alto Networks Prisma Access Agent versions below 26.2.1 on Android and Chrome OS
Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged us
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally a
Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access A
Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to
Prisma Access Agent on Windows and macOS exposes sensitive configuration data and credentials to local low-privileged us
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42689
GHSA-pf7c-mm8v-94pp