Description
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts.



The Prisma Access Agent on iOS, Android and Chrome OS are not affected.
Published: 2026-05-13
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the privilege‑management component of the Prisma Access Agent allows a user who is already authenticated but does not have administrative rights to elevate privileges to the highest level (root on macOS and Linux, NT AUTHORITY\SYSTEM on Windows). Once elevated, the user can execute arbitrary code and access data that should be confined to privileged accounts.

Affected Systems

Palo Alto Networks Prisma Access Agent on Linux versions 25.0 through 26.2, on macOS versions 24.0 through 26.2, and on Windows versions 24.0 through 26.2 are vulnerable. The agent on Android, Chrome OS, and iOS is not affected.

Risk and Exploitability

The vulnerability has a CVSS score of 5.9 indicating moderate severity. No EPSS value is available, and it is not listed in CISA’s KEV catalog. The flaw requires local authenticated access and a post‑exploitation privilege‑escalation attack path. Attackers can leverage the exposed privilege management flaw to gain elevated rights and potentially compromise the host system.

Generated by OpenCVE AI on May 13, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Prisma Access Agent release (26.2.1 or newer) on all affected Linux, macOS, and Windows deployments.
  • Restart the agent so the privilege‑management changes take effect.
  • Review the agent’s permission tables to ensure that only authorized administrator accounts retain the ability to elevate privileges.

Generated by OpenCVE AI on May 13, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Palo Alto Networks prisma Access
Vendors & Products Palo Alto Networks prisma Access

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected.
Title Prisma Access Agent: Local Privilege Escalation Vulnerability
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-862
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:linux:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:macos:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:android:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:chromeos:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Access Prisma Access Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-13T19:30:50.538Z

Reserved: 2025-11-03T20:44:07.240Z

Link: CVE-2026-0246

cve-icon Vulnrichment

Updated: 2026-05-13T19:30:45.791Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T19:16:58.603

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-0246

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:33:52Z

Weaknesses