Description
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.



This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Published: 2026-06-10
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local attacker who can authenticate to the Prisma Access Agent on Linux can bypass the VPN enforcement controls and redirect traffic outside the intended VPN tunnel. This vulnerability does not expose remote code execution or privilege escalation beyond the local user’s scope but enables unauthorized data exfiltration or interception by forcing network flows to evade encryption and policy controls. The weakness is a classic input handling flaw (CWE‑424).

Affected Systems

The vulnerability affects Palo Alto Networks Prisma Access Agent running on Linux versions 25.7 through 26.2.0. Other operating systems, including Windows, macOS, iOS, Android, and Chrome OS, are not impacted.

Risk and Exploitability

The CVSS score of 4.4 classifies the issue as low‑to‑moderate severity. Because the attacker must first gain local authenticated access to the host, the likelihood of exploitation is limited to environments where such access is possible. No public exploit information or KEV listing is available, and the EPSS score is not provided, suggesting a lower overall exploitation probability.

Generated by OpenCVE AI on June 10, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Prisma Access Agent on Linux to version 26.2.1 or later
  • Configure system firewall rules to allow outbound traffic only through the VPN interface
  • Audit local user permissions to restrict modification of routing tables and network policies

Generated by OpenCVE AI on June 10, 2026 at 22:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Title Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-424
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 4.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Access Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-06-10T20:40:11.198Z

Reserved: 2025-11-03T20:44:28.362Z

Link: CVE-2026-0268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T22:16:53.413

Modified: 2026-06-10T22:16:53.413

Link: CVE-2026-0268

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses