Description
Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations.
Published: 2026-05-13
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerabilities reside in the Endpoint DLP component of Palo Alto Networks Prisma Access Agent. A local attacker can exploit the improper authorization controls, bypassing required authentication and performing operations with elevated privileges. The weakness is identified as improper authorization (CWE‑306).

Affected Systems

Affected software includes Prisma Access Agent Endpoint DLP versions 25.0 through 26.2 on both macOS and Windows platforms. Any endpoint running these versions is susceptible to the bypass.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. EPSS data is unavailable, suggesting no publicly known exploit activity; the vulnerability is not cataloged in CISA KEV. However, because the attack requires local presence, admins should consider the risk of privilege escalation. Upgrading to 26.2.1 or later installs the fix; without a fix the vulnerability could allow a local attacker to take over the endpoint.

Generated by OpenCVE AI on May 13, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Prisma Access Agent Endpoint DLP to version 26.2.1 or later.
  • If an immediate upgrade is not possible, temporarily disable the Endpoint DLP component on affected endpoints to prevent authorization bypass.
  • Enforce strict local account restrictions and monitor for unauthorized privileged operations on endpoints.

Generated by OpenCVE AI on May 13, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations.
Title Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-306
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:macos:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Access Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-13T19:31:03.749Z

Reserved: 2025-11-03T20:44:08.293Z

Link: CVE-2026-0247

cve-icon Vulnrichment

Updated: 2026-05-13T19:30:59.138Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T19:16:58.780

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-0247

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T22:30:05Z

Weaknesses