CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users

Palo Alto Networks Security Advisories / CVE-2026-0271

CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users

Urgency MODERATE

Severity 5.9 · MEDIUM

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery AUTOMATIC

Value Density DIFFUSE

Attack Vector LOCAL

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction NONE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required LOW

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

CVE JSON CSAF

Published 2026-06-10

Updated 2026-06-10

Discovered internally

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.

This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

Product Status

Versions	Affected	Unaffected
Prisma Access Agent	None on macOS None on Windows None on iOS None on Android None on Chrome OS	All on macOS All on Windows All on iOS All on Android All on Chrome OS
Prisma Access Agent	< 26.2.1 on Linux	>= 26.2.1 on Linux

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 5.9 / CVSS-B: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-732 Incorrect Permission Assignment for Critical Resource

CAPEC-233 Privilege Escalation

Solution

Version	Minor Version	Suggested Solution
Prisma Access Agent on Linux	25.7 through 26.2.0	Upgrade to 26.2.1 or later.
Prisma Access Agent All on macOS		No action needed.
Prisma Access Agent All on Windows		No action needed.
Prisma Access Agent All on iOS		No action needed.
Prisma Access Agent All on Android		No action needed.
Prisma Access Agent All on Chrome OS		No action needed.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CPE Applicability

cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:* is vulnerable from (including)26.2.0 and up to (excluding)26.2.1

Timeline

2026-06-10 Initial publication.