Description
An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.



The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.
Published: 2026-05-13
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to present a certificate for any domain that is issued by a trusted Certificate Authority. By doing so, the attacker can intercept the VPN traffic of the Prisma Access Agent on affected platforms, potentially capturing sensitive device information. This forms a classic denial of secure communication scenario where confidentiality is compromised. The weakness aligns with CWE-295 and can lead to full traffic eavesdropping.

Affected Systems

Palo Alto Networks Prisma Access Agent on Android and Chrome OS versions 25.0 through 26.2 are affected. The agent on macOS, Windows, Linux, and iOS is not impacted.

Risk and Exploitability

The CVSS score of 6.2 indicates medium severity. Although EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, the potential for a network‑based man‑in‑the‑middle attack remains. The likely attack vector is a remote attacker who can position themselves between the device and the VPN endpoint on a shared network or compromised Wi-Fi. The risk is elevated for environments where VPN connections are frequently established over untrusted networks. Prompt remediation mitigates the opportunity for an attacker to capture traffic or decrypt otherwise secure transmissions.

Generated by OpenCVE AI on May 13, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Prisma Access Agent on Android and Chrome OS devices to version 26.2.1 or later, which addresses the certificate validation flaw.
  • If agents cannot be updated immediately, isolate the affected devices from untrusted networks and avoid initiating VPN sessions over such connections until the update is applied.
  • Enable or verify that certificate pinning or stricter certificate verification is enforced by the corporate VPN infrastructure to detect and block improperly validated certificates.

Generated by OpenCVE AI on May 13, 2026 at 20:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Palo Alto Networks prisma Access
Vendors & Products Palo Alto Networks prisma Access

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information. The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.
Title Prisma Access Agent: Improper Certificate Validation Vulnerability
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-295
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:android:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:chrome_os:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:linux:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:windows:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 6.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Access Prisma Access Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-13T19:29:24.329Z

Reserved: 2025-11-03T20:44:09.168Z

Link: CVE-2026-0248

cve-icon Vulnrichment

Updated: 2026-05-13T19:29:19.060Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T19:16:58.920

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-0248

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:33:45Z

Weaknesses