CVE-2026-0248

UNKNOWN 0.0

Prisma Access Agent: Improper Certificate Validation Vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information. The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.

CWE	CWE-295
Vendor	palo alto networks
Product	prisma access agent
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for palo alto networks prisma access agent

Be the first to know when new unknown vulnerabilities affecting palo alto networks prisma access agent are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Prisma Access Agent

0 < 26.2.1

Palo Alto Networks / Prisma Access Agent

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0248

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.