CVE-2026-0268 MEDIUM

CVE-2026-0268: Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

Vendor Palo Alto Networks
Product Prisma Access Agent
Weakness CWE-424
Published June 10, 2026
Last update June 11, 2026

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 11, 2026 Record updated