CVE-2026-0245 Overview
CVE-2026-0245 describes multiple information disclosure vulnerabilities in the Palo Alto Networks Prisma Access Agent. A local authenticated user can read sensitive configuration data and credentials stored or processed by the agent. The flaw is classified under [CWE-200] Exposure of Sensitive Information to an Unauthorized Actor.
The issue affects desktop versions of the Prisma Access Agent. The Linux, ChromeOS, Android, and iOS builds of the agent are not affected. Exploitation requires local access with low privileges and no user interaction, but the disclosed credentials can enable follow-on attacks against the Prisma Access tenant.
Critical Impact
Local users can extract Prisma Access Agent configuration data and credentials, providing material for lateral movement and tenant compromise.
Affected Products
- Palo Alto Networks Prisma Access Agent on Windows
- Palo Alto Networks Prisma Access Agent on macOS
- Prisma Access Agent on Linux, ChromeOS, Android, and iOS are NOT affected
Discovery Timeline
- 2026-05-13 - CVE CVE-2026-0245 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-0245
Vulnerability Analysis
The Prisma Access Agent stores or exposes configuration data and credentials in a manner accessible to local users on the same host. According to the Palo Alto Networks advisory, the issue covers multiple distinct disclosure paths that share the same underlying weakness: sensitive data is reachable without the access controls expected for credential material.
The vulnerability is mapped to [CWE-200], indicating an exposure of sensitive information rather than a memory corruption or code execution defect. The agent processes authentication tokens, tenant identifiers, and connection parameters required to establish Prisma Access tunnels. When this material is recoverable by an unprivileged local account, it bypasses the trust boundary the agent is intended to enforce.
Root Cause
The root cause is improper protection of sensitive artifacts handled by the agent on Windows and macOS endpoints. Configuration files, in-memory data, or operating system primitives used by the agent do not restrict access to the SYSTEM or root context that owns the secrets. Any signed-in user can read the data without elevating privileges.
Attack Vector
An attacker must have a local, authenticated session on a host running the affected Prisma Access Agent. From that session, the attacker reads files, queries process memory, or inspects operating system data structures used by the agent. The harvested credentials can then be replayed against Prisma Access services to impersonate the user or device.
No verified public exploit code is available. See the Palo Alto Networks CVE-2026-0245 Advisory for vendor technical details and fixed versions.
Detection Methods for CVE-2026-0245
Indicators of Compromise
- Unexpected read access by non-administrative processes to Prisma Access Agent configuration directories or registry hives on Windows and macOS
- Local processes invoking credential-dumping utilities, scripting interpreters, or debuggers against the Prisma Access Agent process
- Anomalous Prisma Access authentication events originating from new device fingerprints or IP addresses for a known user
Detection Strategies
- Audit file and registry access to Prisma Access Agent installation paths and user-profile data stores; alert on access by non-agent processes
- Monitor for handle-open and memory-read operations targeting the agent process by unprivileged user contexts
- Correlate endpoint telemetry with Prisma Access tenant logs to detect credential reuse from unexpected hosts
Monitoring Recommendations
- Forward Prisma Access Agent and endpoint process telemetry to a centralized SIEM or data lake for cross-source correlation
- Track Prisma Access sign-in anomalies including impossible-travel events, new device enrollments, and concurrent sessions
- Review local privilege escalation and discovery activity on hosts running the agent, since this disclosure is typically chained with later stages
How to Mitigate CVE-2026-0245
Immediate Actions Required
- Inventory all Windows and macOS endpoints running the Prisma Access Agent and confirm installed versions against the vendor advisory
- Upgrade the Prisma Access Agent to the fixed release identified in the Palo Alto Networks CVE-2026-0245 Advisory
- Rotate any Prisma Access user or device credentials suspected of exposure on multi-user or shared hosts
Patch Information
Palo Alto Networks has published fixed versions in the vendor advisory. Refer to the Palo Alto Networks CVE-2026-0245 Advisory for the specific patched build numbers for Windows and macOS Prisma Access Agent installations.
Workarounds
- Restrict interactive logon on endpoints running the agent to a single trusted user where feasible
- Enforce least-privilege policies and remove local administrator rights from standard users to limit follow-on abuse of disclosed credentials
- Apply conditional access policies in Prisma Access to require device posture checks and reduce the value of stolen credentials
# Example: query installed Prisma Access Agent version on Windows
Get-ItemProperty "HKLM:\SOFTWARE\Palo Alto Networks\Prisma Access Agent" |
Select-Object DisplayName, DisplayVersion
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
