CVE-2026-0245

Summary

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials.

The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPrisma Access Agent0 < 26.2.1affected
Palo Alto NetworksPrisma Access AgentAllunaffected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References