Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:L/U:Amber
Primary rating from Vendor (palo_alto) · only source for this CVE.
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:L/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials.
The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected.
AnalysisAI
Prisma Access Agent on Windows and macOS exposes sensitive configuration data and credentials to local low-privileged users through multiple information disclosure weaknesses. Palo Alto Networks has confirmed these vulnerabilities affect agent versions prior to 26.2.1; Linux, ChromeOS, Android, and iOS deployments are explicitly out of scope. No public exploit has been identified at time of analysis, and SSVC classifies exploitation status as none, making this a low-urgency but real credential-hygiene risk on affected desktop platforms.
Technical ContextAI
The affected product is Palo Alto Networks' Prisma Access Agent, the endpoint client used to connect end-user devices to the Prisma Access SASE platform. The CPE string (cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:*:*:*) covers all versions prior to 26.2.1. The root cause is CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), meaning the agent fails to adequately restrict access to sensitive data - likely configuration files, stored credentials, or registry entries - from locally executing processes or users operating below the privilege level that should be required to read that data. The tags 'Google' and 'Apple' in context with the platform exclusion list (Linux, ChromeOS, Android, iOS not affected) strongly indicate the vulnerabilities manifest on Windows and macOS. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H) confirms the attack is local, requires no special configuration, needs only low-privilege access, and yields high confidentiality impact on the vulnerable component.
RemediationAI
Upgrade Prisma Access Agent to version 26.2.1 or later on all affected Windows and macOS endpoints; this is the vendor-confirmed fix per the advisory at https://security.paloaltonetworks.com/CVE-2026-0245. If immediate patching is not possible, restrict local user permissions on endpoints running the agent to prevent low-privilege users from accessing agent installation directories, configuration file paths, or relevant registry hives - though this may interfere with normal agent operation and should be tested before broad deployment. Rotating any credentials that may have been stored or accessible by the agent (VPN tokens, certificates, API keys) is advisable as a precautionary measure on systems where untrusted local users have had access. Organizations with privileged access management (PAM) tooling should audit agent-stored credential material. No workaround fully eliminates the root CWE-200 flaw without patching.
More in Prisma Access Agent
View allImproper certificate validation in Palo Alto Networks Prisma Access Agent versions below 26.2.1 on Android and Chrome OS
Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged us
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally a
Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access A
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to inte
Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30096
GHSA-m7p9-pwpp-74rc