CVE-2026-0245 MEDIUM

CVE-2026-0245: Prisma Access Agent: Information Disclosure Vulnerabilities

Vendor Palo Alto Networks
Product Prisma Access Agent
Weakness CWE-200 · Info exposure
Published May 13, 2026
Last update May 13, 2026

CVSS base score

4.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:L/U:Amber

What the vulnerability does

01Description

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 13, 2026 Record updated