CVE-2026-0244 Prisma SD-WAN: Improper Certificate Validation Vulnerability

Description

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller.

Product Status

Note on end-of-life versions

If you are using any Prisma SD-WAN software end-of-life (EoL)  versions, we recommend that you upgrade to Prisma SD-WAN 6.3.6, Prisma SD-WAN 6.4.3, or Prisma SD-WAN 6.5.3 or later.

If you are using the Prisma SD-WAN ION 6.2.4 on-prem version, we recommend that you upgrade to Prisma SD-WAN 6.2.4-b12 version.

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 5.2 / CVSS-B: 7.7 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-295 Improper Certificate Validation

CAPEC-94 Adversary in the Middle (AiTM)

Solution

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

CPE Applicability

• cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:* is vulnerable from (including)6.5.1 and up to (excluding)6.5.3-b15
• ORcpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:* is vulnerable from (including)6.4.1 and up to (excluding)6.4.3-b8
• ORcpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:* is vulnerable from (including)6.3.1 and up to (excluding)6.3.6-b10

Timeline