CVE-2026-0246

Prisma Access Agent: Local Privilege Escalation Vulnerability

CVSS 5.9 MEDIUMEPSS 0.1%CWE-862

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.9EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

13 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Affected products

Palo Alto Networks · Prisma Access Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2026-0246