Palo Alto Networks Security Advisories / CVE-2026-0278

CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows

Urgency MODERATE

047910
Severity 5.8 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort HIGH
Recovery AUTOMATIC
Value Density CONCENTRATED
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.

The Prisma Access Agent on macOS is not affected.

Product Status

VersionsAffectedUnaffected
Prisma Access AgentNone on macOS
All on macOS
Prisma Access Agent 0< 26.2.1 on Windows
>= 26.2.1 on Windows

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 5.8 / CVSS-B: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:H/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-693 Protection Mechanism Failure

CAPEC-212 Functionality Misuse

Solution

Version
Minor Version
Suggested Solution
Prisma Access Agent on Windows
24.0 through 26.2 Upgrade to 26.2.1 or later.
Prisma Access Agent on macOS
No action needed.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander for discovering and reporting this issue.

CPE Applicability

Timeline

Initial Publication
© 2026 Palo Alto Networks, Inc. All rights reserved.