Impact
The vulnerability permits a local user on a Windows system to bypass Data Loss Prevention policy enforcement within the Prisma Access Agent, enabling the exfiltration or improper handling of protected data. This flaw is a security misconfiguration (CWE-693) that directly compromises confidentiality of sensitive information. No code execution or privilege escalation beyond the local user context is required, but the ability to ignore DLP controls can lead to significant data loss.
Affected Systems
Palo Alto Networks Prisma Access Agent for Windows, from version 24.0 through 26.2, is affected. The macOS variant of the agent is not impacted by this issue.
Risk and Exploitability
The CVSS base score of 5.8 classifies the issue as moderate severity, with a local-user attack vector. The lack of an available EPSS score and absence from the CISA KEV catalog suggest that exploitation is currently limited or not widely observed. Nonetheless, an attacker who can log on locally – whether a privileged user or a compromised account – can exercise the bypass, making the risk real if sensitive data is handled on the affected systems.
OpenCVE Enrichment