CVE-2026-0268

Summary

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.

This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPrisma Access Agent0 < 26.2.1affected
Palo Alto NetworksPrisma Access AgentAllunaffected

Weaknesses

  • CWE-424: CWE-424 Improper Protection of Alternate Path

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References