Prisma Access Agent: Information Disclosure Vulnerabilities

Monitor | CVSS 6.8 | CVE-2026-0245 | May 13, 2026
Palo Alto Networks
IT in OT - Palo Alto firewalls are commonly deployed at IT/OT network boundaries
Summary

Multiple information disclosure vulnerabilities in Prisma Access Agent allow a local user to access sensitive configuration data and credentials on Windows and macOS systems. The vulnerabilities require local user account access to the affected endpoint. Prisma Access Agent on Linux, ChromeOS, Android, and iOS is not affected by these vulnerabilities.

What this means
What could happen
A local attacker with user account access on a Windows or macOS endpoint running Prisma Access Agent could read sensitive configuration data and stored credentials, potentially gaining access to the corporate network or other connected systems.
Who's at risk
Organizations using Prisma Access Agent on Windows and macOS endpoints for remote access or VPN connectivity. This includes corporate employees using company-issued laptops with the agent installed. Linux, Android, ChromeOS, and iOS users are not affected.
How it could be exploited
An attacker with local user account access to an affected Windows or macOS machine can exploit these vulnerabilities to read files or memory containing Prisma Access Agent configuration data and credentials without requiring elevated privileges. This could allow lateral movement or direct access to protected network resources.
Prerequisites
  • Local user account access to an affected Windows or macOS endpoint
  • Prisma Access Agent version before 26.2.1 installed and running
No authentication required for local exploitation | Low complexity exploitation | Affects credential storage | No fix available for Linux, Android, ChromeOS, iOS variants
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (6)
2 with fix, 4 pending
Product | Affected Versions | Fix Status
Prisma Access Agent | Below 26.2.1 on macOS | 26.2.1 on macOS+
Prisma Access Agent | Below 26.2.1 on Windows | 26.2.1 on Windows+
Prisma Access Agent | None on Linux | No fix yet
Prisma Access Agent | None on Android | No fix yet
Prisma Access Agent | None on ChromeOS | No fix yet
Prisma Access Agent | None on iOS | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Prisma Access Agent
HOTFIX: Update Prisma Access Agent to version 26.2.1 or later on all Windows endpoints
HOTFIX: Update Prisma Access Agent to version 26.2.1 or later on all macOS endpoints
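Added example (not from the advisory or the vendor): a Python triage of a fleet inventory export against the 26.2.1 fix version, limited to the Windows and macOS platforms listed as affected. The CSV column names, hostnames and the three-part dotted version format are constructed assumptions; versions are compared numerically so that 26.10.0 is not treated as older than 26.2.1.

```python
import csv
import io
import re

FIXED = (26, 2, 1)                   # fix version stated in the advisory
AFFECTED_OS = {"windows", "macos"}   # platforms the advisory lists as affected

# Constructed sample inventory export; column names and hosts are assumptions.
SAMPLE_INVENTORY = """hostname,os,agent_version
lt-0001,Windows,26.1.4
lt-0002,macOS,26.2.1
lt-0003,Windows,26.10.0
lt-0004,Linux,25.9.0
lt-0005,macOS,26.2
lt-0006,Windows,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not a dotted version.
    A trailing build suffix such as '-45' or '+b7' is ignored."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-+ ].*)?\s*", text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(os_name, version_text):
    """Map one inventory row to: patch, ok, review, or not-affected."""
    if (os_name or "").strip().lower() not in AFFECTED_OS:
        return "not-affected"
    version = parse_version(version_text)
    if version is None:
        return "review"              # unparseable: verify on the endpoint
    return "patch" if version < FIXED else "ok"

def triage(csv_text):
    """Return {hostname: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["os"], r["agent_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Rows marked "review" have a version string the parser cannot interpret and should be checked on the endpoint rather than assumed patched.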
Long-term hardening
Prisma Access Agent
HARDENING: Restrict local user account creation and access on endpoints running Prisma Access Agent, limiting to essential personnel
HARDENING: Enable endpoint device management to monitor and audit access to Prisma Access Agent configuration and credential storage