CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability

Palo Alto Networks Security Advisories / CVE-2026-0248

CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability

Urgency MODERATE

Severity 6.2 · MEDIUM

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery AUTOMATIC

Value Density DIFFUSE

Attack Vector ADJACENT

Attack Complexity LOW

Attack Requirements NONE

Automatable YES

User Interaction NONE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability NONE

Privileges Required NONE

Subsequent Confidentiality LOW

Subsequent Integrity LOW

Subsequent Availability NONE

CVE JSON CSAF

Published 2026-05-13

Updated 2026-05-13

Discovered internally

Description

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.

The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.

Product Status

Versions	Affected	Unaffected
Prisma Access Agent	None on iOS None on Linux None on macOS None on Windows	All on iOS All on Linux All on macOS All on Windows
Prisma Access Agent	< 26.2.1 on Android < 26.2.1 on Chrome OS	>= 26.2.1 on Android >= 26.2.1 on Chrome OS

Required Configuration for Exposure

No special configuration is required.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.2 / CVSS-B: 8.6 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-295 Improper Certificate Validation

CAPEC-94 Adversary in the Middle (AiTM)

Solution

Version	Minor Version	Suggested Solution
Prisma Access Agent on Android	25.0 through 26.2	Upgrade to 26.2.1 or later.
Prisma Access Agent Chrome OS	25.0 through 26.2	Upgrade to 26.2.1 or later.
Prisma Access Agent on iOS		No action needed
Prisma Access Agent on Linux		No action needed
Prisma Access Agent on macOS		No action needed
Prisma Access Agent on Windows		No action needed

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CPE Applicability

cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Android:*:* is vulnerable from (including)25.0.0 and up to (excluding)26.2.1
ORcpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Chrome_OS:*:* is vulnerable from (including)25.0.0 and up to (excluding)26.2.1

Timeline

2026-05-13 Initial publication.