CVE-2026-0277

Summary

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.

The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPrisma Access Agent0 < 26.2.1affected
Palo Alto NetworksPrisma Access AgentAllunaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

Workarounds

No known workarounds exist for this issue.

References