{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0268", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:28.362Z", "datePublished": "2026-06-10T20:40:11.198Z", "dateUpdated": "2026-06-11T13:57:54.692Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T20:40:11.198Z"}, "title": "Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Windows", "macOS", "iOS", "Android", "Chrome OS"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*", "versionEndExcluding": "26.2.1", "versionStartIncluding": "26.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.</span></p><p><span>This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.</span></p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0268", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No special configuration is required."}]}], "workarounds": [{"lang": "eng", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "There are no known workarounds for this issue."}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nPrisma Access Agent on Linux 25.7 through 26.2.0 Upgrade to 26.2.1 or later.\nPrisma Access Agent All on Windows No action needed.\nPrisma Access Agent All on macOS No action needed.\nPrisma Access Agent All on iOS No action needed.\nPrisma Access Agent All on Android No action needed.\nPrisma Access Agent All on Chrome OS No action needed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Prisma Access Agent on Linux<br></td>\n <td>25.7 through 26.2.0</td>\n <td>Upgrade to 26.2.1 or later.</td>\n </tr><tr><td>Prisma Access Agent All on Windows<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on macOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on iOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Android<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Chrome OS<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-06-10T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "our internal security research teams", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Prisma Access Agent 26.2.0"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-11T13:57:46.995690Z", "id": "CVE-2026-0268", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T13:57:54.692Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0268", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:28.362Z", "datePublished": "2026-06-10T20:40:11.198Z", "dateUpdated": "2026-06-11T13:57:54.692Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T20:40:11.198Z"}, "title": "Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Windows", "macOS", "iOS", "Android", "Chrome OS"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*", "versionEndExcluding": "26.2.1", "versionStartIncluding": "26.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.</span></p><p><span>This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.</span></p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0268", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No special configuration is required."}]}], "workarounds": [{"lang": "eng", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "There are no known workarounds for this issue."}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nPrisma Access Agent on Linux 25.7 through 26.2.0 Upgrade to 26.2.1 or later.\nPrisma Access Agent All on Windows No action needed.\nPrisma Access Agent All on macOS No action needed.\nPrisma Access Agent All on iOS No action needed.\nPrisma Access Agent All on Android No action needed.\nPrisma Access Agent All on Chrome OS No action needed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Prisma Access Agent on Linux<br></td>\n <td>25.7 through 26.2.0</td>\n <td>Upgrade to 26.2.1 or later.</td>\n </tr><tr><td>Prisma Access Agent All on Windows<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on macOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on iOS<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Android<br></td><td></td><td>No action needed.</td></tr><tr><td>Prisma Access Agent All on Chrome OS<br></td><td></td><td>No action needed.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-06-10T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "our internal security research teams", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Prisma Access Agent 26.2.0"]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0268", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-11T13:57:46.995690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T13:57:49.879Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."}], "id": "CVE-2026-0268", "lastModified": "2026-06-11T15:21:30.653", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-06-10T22:16:53.413", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0268"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.2.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access Agent", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access_agent", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": ["windows", "macos", "ios", "android", "chrome_os"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access Agent", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access_agent", "vendor": "palo_alto_networks"}], "created": "2026-06-10T23:00:20.850939+00:00", "updated": "2026-06-10T23:15:28.059227+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$prisma_access_agent"]}