Skip to main content

Prisma Access Agent EUVDEUVD-2026-42688

| CVE-2026-0278 MEDIUM
Protection Mechanism Failure (CWE-693)
2026-07-09 palo_alto GHSA-8rjp-6xx9-5c3c
5.8
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
5.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:H/U:Amber
vuln.today AI
7.1 HIGH

Local session required with standard user privileges; no interaction needed; DLP bypass yields full confidentiality and integrity impact; no availability effect; scope unchanged as no adjacent system is compromised.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (palo_alto).

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:H/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 21:01 EUVD
Analysis Generated
Jul 09, 2026 - 20:22 vuln.today
CVE Published
Jul 09, 2026 - 19:12 cve.org
MEDIUM 5.8

DescriptionCVE.org

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.

The Prisma Access Agent on macOS is not affected.

AnalysisAI

Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access Agent for Windows enable a local authenticated user to bypass DLP policy enforcement controls. Only the Windows platform is affected; the Prisma Access Agent for macOS is explicitly excluded per vendor advisory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user session on Windows endpoint
Delivery
Identify DLP enforcement mechanism weaknesses in Prisma Access Agent
Exploit
Trigger one or more protection mechanism failures
Execution
DLP policy enforcement bypassed
Impact
Exfiltrate data via normally-blocked channel

Vulnerability AssessmentAI

Exploitation Exploitation requires an active local user session on a Windows endpoint with Prisma Access Agent installed and DLP policies enforced - the CVSS PR:L metric confirms low-privilege (standard user) access is sufficient, with no administrative rights needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.8 (Medium) reflects the local attack vector (AV:L) and low-privilege requirement (PR:L), which meaningfully constrain exploitability to insiders or attackers already with a foothold on the endpoint. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local standard user on a managed Windows endpoint running Prisma Access Agent identifies weaknesses in how DLP enforcement mechanisms validate or intercept data transfer operations, then triggers one or more of the protection mechanism failures to cause DLP policy to be bypassed - allowing sensitive files or clipboard content to be exfiltrated via channels the policy would otherwise block. No public proof-of-concept exploit code has been identified, meaning exploitation currently requires specific knowledge of the implementation weaknesses.
Remediation Consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0278 for patched agent versions and upgrade instructions. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42688 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy