Description
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.



The Prisma Access Agent on macOS is not affected.
Published: 2026-07-09
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits a local user on a Windows system to bypass Data Loss Prevention policy enforcement within the Prisma Access Agent, enabling the exfiltration or improper handling of protected data. This flaw is a security misconfiguration (CWE-693) that directly compromises confidentiality of sensitive information. No code execution or privilege escalation beyond the local user context is required, but the ability to ignore DLP controls can lead to significant data loss.

Affected Systems

Palo Alto Networks Prisma Access Agent for Windows, from version 24.0 through 26.2, is affected. The macOS variant of the agent is not impacted by this issue.

Risk and Exploitability

The CVSS base score of 5.8 classifies the issue as moderate severity, with a local-user attack vector. The lack of an available EPSS score and absence from the CISA KEV catalog suggest that exploitation is currently limited or not widely observed. Nonetheless, an attacker who can log on locally – whether a privileged user or a compromised account – can exercise the bypass, making the risk real if sensitive data is handled on the affected systems.

Generated by OpenCVE AI on July 10, 2026 at 13:08 UTC.

Remediation

Vendor Workaround

No known workarounds exist for this issue.


OpenCVE Recommended Actions

  • Upgrade the Windows Prisma Access Agent to version 26.2.1 or later to receive the vendor’s fix.
  • Ensure the DLP component is enabled and that all relevant policies are active after the update.
  • Limit local user privileges so that only authorized administrators can modify or disable DLP settings, following least‑privilege principles.

Generated by OpenCVE AI on July 10, 2026 at 13:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.
Title Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-693
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:H/U:Amber'}


Subscriptions

Palo Alto Networks Prisma Access Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-07-10T14:19:33.322Z

Reserved: 2025-11-03T20:44:37.292Z

Link: CVE-2026-0278

cve-icon Vulnrichment

Updated: 2026-07-10T14:19:30.710Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T13:15:16Z

Weaknesses
  • CWE-693

    Protection Mechanism Failure