CVE-2026-0246
MEDIUM EPSS 4.1%
Published May 13, 20261mo ago · Modified Jun 17, 20261w ago
5.9 CVSS 4.0
Published May 13, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
4.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-862 Missing Authorization Authorization
References 1
- security.paloaltonetworks.com https://security.paloaltonetworks.com/CVE-2026-0246
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.