{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0246", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:07.240Z", "datePublished": "2026-05-13T18:51:06.275Z", "dateUpdated": "2026-05-13T19:30:50.538Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T18:51:06.275Z"}, "title": "Prisma Access Agent: Local Privilege Escalation Vulnerability", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["macOS"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Android", "ChromeOS", "iOS"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:linux:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "26.2.1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:macos:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "26.2.1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "26.2.1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:android:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:chromeos:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.</p><p>The Prisma Access Agent on iOS, Android and Chrome OS are not affected.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0246", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>No special configuration is required.</p>"}]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>No known workarounds exist for this issue.</p>"}]}], "solutions": [{"lang": "eng", "value": "Version Minor Version Suggested Solution\nPrisma Access Agent on Linux 25.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on macOS 24.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on Windows 24.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on Android No action needed\nPrisma Access Agent on Chrome OS No action needed\nPrisma Access Agent on iOS No action needed", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><tbody><tr><td>Version</td><td>Minor Version</td><td>Suggested Solution</td></tr><tr><td>Prisma Access Agent on Linux</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on macOS</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on Windows</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on Android</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Chrome OS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on iOS</td><td><br></td><td>No action needed</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of these issues.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Prisma Access Agent 26.2.0"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T19:27:51.920973Z", "id": "CVE-2026-0246", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T19:30:50.538Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0246", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-13T19:27:51.920973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T19:30:45.791Z"}}], "cna": {"title": "Prisma Access Agent: Local Privilege Escalation Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "other", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.9, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "versions": [{"status": "affected", "changes": [{"at": "26.2.1", "status": "unaffected"}], "version": "0", "lessThan": "26.2.1", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "versions": [{"status": "affected", "changes": [{"at": "26.2.1", "status": "unaffected"}], "version": "0", "lessThan": "26.2.1", "versionType": "custom"}], "platforms": ["macOS"], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "versions": [{"status": "affected", "changes": [{"at": "26.2.1", "status": "unaffected"}], "version": "0", "lessThan": "26.2.1", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "platforms": ["Android", "ChromeOS", "iOS"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of these issues.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-05-13T16:00:00.000Z", "value": "Initial publication."}], "solutions": [{"lang": "eng", "value": "Version Minor Version Suggested Solution\nPrisma Access Agent on Linux 25.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on macOS 24.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on Windows 24.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on Android No action needed\nPrisma Access Agent on Chrome OS No action needed\nPrisma Access Agent on iOS No action needed", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>Version</td><td>Minor Version</td><td>Suggested Solution</td></tr><tr><td>Prisma Access Agent on Linux</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on macOS</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on Windows</td><td>24.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on Android</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Chrome OS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on iOS</td><td><br></td><td>No action needed</td></tr></tbody></table>", "base64": false}]}], "datePublic": "2026-05-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0246", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>No known workarounds exist for this issue.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.</p><p>The Prisma Access Agent on iOS, Android and Chrome OS are not affected.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "configurations": [{"lang": "eng", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "value": "<p>No special configuration is required.</p>", "base64": false}]}], "x_affectedList": ["Prisma Access Agent 26.2.0"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.1", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.1", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.1", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:android:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:chromeos:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T18:51:06.275Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0246", "state": "PUBLISHED", "dateUpdated": "2026-05-13T19:30:50.538Z", "dateReserved": "2025-11-03T20:44:07.240Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-05-13T18:51:06.275Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.\n\n\n\nThe Prisma Access Agent on iOS, Android and Chrome OS are not affected."}], "id": "CVE-2026-0246", "lastModified": "2026-05-14T16:21:23.190", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T19:16:58.603", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0246"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}, {"platform": ["macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "product": "prisma_access", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}, {"platform": ["macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.2.1)"}}], "product": "prisma_access_agent", "vendor": "palo_alto_networks"}], "created": "2026-05-13T20:30:04.258495+00:00", "updated": "2026-05-14T14:33:52.637568+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$prisma_access", "palo_alto_networks$PRODUCT$prisma_access_agent"]}