Palo Alto Networks Security Advisories / CVE-2026-0246

CVE-2026-0246 Prisma Access Agent: Local Privilege Escalation Vulnerability

Urgency MODERATE

Severity 5.9 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required LOW
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.

Prisma Access Agent on iOS, Android and Chrome OS is not affected.

Product Status

| Versions | Affected | Unaffected |
| --- | --- | --- |
| Prisma Access Agent | None on Android; None on ChromeOS; None on iOS | All on Android; All on ChromeOS; All on iOS |
| Prisma Access Agent | < 26.2.1 on Linux; < 26.2.1 on macOS; < 26.2.1 on Windows | >= 26.2.1 on Linux (ETA: 06/04); >= 26.2.1 on macOS; >= 26.2.1 on Windows |

Required Configuration for Exposure

No special configuration is required.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 5.9 / CVSS-B: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Weakness Type and Impact

CWE-862 Missing Authorization

CAPEC-233 Privilege Escalation

Solution

| Version | Minor Version | Suggested Solution |
| --- | --- | --- |
| Prisma Access Agent on Linux | 25.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on macOS | 24.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on Windows | 24.0 through 26.2 | Upgrade to 26.2.1 or later. |
| Prisma Access Agent on Android | | No action needed |
| Prisma Access Agent on Chrome OS | | No action needed |
| Prisma Access Agent on iOS | | No action needed |

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

Timeline

Initial publication.
© 2026 Palo Alto Networks, Inc. All rights reserved.