CVE-2026-0246 Overview
CVE-2026-0246 is a local privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent. The flaw resides in the agent's privilege management mechanism and allows a locally authenticated non-administrative user to elevate privileges. On macOS and Linux, attackers gain root. On Windows, attackers gain NT AUTHORITY\SYSTEM.
Successful exploitation enables arbitrary code execution and reading of sensitive information accessible only to privileged accounts. The vulnerability is classified under [CWE-862] Missing Authorization. The Prisma Access Agent on iOS, Android, and Chrome OS is not affected.
Critical Impact
A standard local user can obtain root or SYSTEM privileges on endpoints running the Prisma Access Agent, leading to full host compromise.
Affected Products
- Palo Alto Networks Prisma Access Agent on Windows
- Palo Alto Networks Prisma Access Agent on macOS
- Palo Alto Networks Prisma Access Agent on Linux
Discovery Timeline
- 2026-05-13 - CVE-2026-0246 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-0246
Vulnerability Analysis
The Prisma Access Agent runs privileged components on endpoint operating systems to manage VPN connectivity, policy enforcement, and traffic inspection. These components execute as root on Unix-like systems and as NT AUTHORITY\SYSTEM on Windows. The agent's privilege management mechanism fails to enforce proper authorization checks between user-controlled inputs and privileged operations.
A locally authenticated user with no administrative rights can invoke or influence privileged agent functionality. The result is execution of arbitrary code in the security context of the agent's elevated process. Attackers can also read files and memory regions normally restricted to administrator accounts.
Root Cause
The vulnerability is categorized as [CWE-862] Missing Authorization. A privileged code path in the Prisma Access Agent does not validate whether the calling user is permitted to perform the requested action. The privileged service accepts and acts on requests from low-privilege local callers without an authorization barrier.
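The CWE-862 pattern described above (a privileged service that acts on local requests without checking who sent them) is easiest to see next to its fix. The following is an added illustration, not the Prisma Access Agent's code: a hypothetical privileged helper whose request handler first dispatches on the request body alone, and then in hardened form binds the decision to the caller's kernel-reported UID (Linux SO_PEERCRED) and a policy table. The action names, the policy, and the daemon behaviour are all constructed for the example.

```python
"""CWE-862 on a local privileged IPC endpoint: vulnerable vs. hardened handler.

Hypothetical code for illustration; NOT the Prisma Access Agent implementation.
"""
import json
import socket
import struct


# Constructed privileged operations; a real helper would act on the host.
def _set_tunnel_config(params):
    return f"tunnel config updated: {params.get('profile')}"


def _read_service_log(params):
    return "privileged log contents"


PRIVILEGED_ACTIONS = {
    "set_tunnel_config": _set_tunnel_config,
    "read_service_log": _read_service_log,
}


def handle_request_vulnerable(request: dict) -> str:
    """CWE-862: dispatches on the request body alone. Any local process that
    can reach the endpoint gets the privileged action performed as root."""
    action = PRIVILEGED_ACTIONS[request["action"]]
    return action(request.get("params", {}))


class Unauthorized(Exception):
    pass


def is_authorized(peer_uid: int, action: str, policy: dict) -> bool:
    """policy maps action name -> set of UIDs permitted to invoke it."""
    return peer_uid in policy.get(action, ())


def handle_request_hardened(request: dict, peer_uid: int, policy: dict) -> str:
    """The decision is bound to the caller's OS-level identity (peer_uid),
    never to a field the client supplies inside the request."""
    action = request.get("action")
    if action not in PRIVILEGED_ACTIONS:
        raise ValueError(f"unknown action: {action}")
    if not is_authorized(peer_uid, action, policy):
        raise Unauthorized(f"uid {peer_uid} may not invoke {action}")
    return PRIVILEGED_ACTIONS[action](request.get("params", {}))


def peer_uid_of(conn: socket.socket) -> int:
    """Ask the kernel for the connecting process's UID (Linux SO_PEERCRED).
    The kernel fills this in; the client cannot forge it."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", creds)
    return uid


def serve_one(server_side: socket.socket, policy: dict) -> str:
    """Read one JSON request from a connected AF_UNIX socket and dispatch it
    through the hardened handler using kernel-supplied peer credentials."""
    request = json.loads(server_side.recv(4096).decode())
    try:
        return handle_request_hardened(request, peer_uid_of(server_side), policy)
    except Unauthorized as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    # Constructed policy: only root may change tunnel config or read the log.
    policy = {"set_tunnel_config": {0}, "read_service_log": {0}}
    req = {"action": "set_tunnel_config", "params": {"profile": "corp"}}
    print("vulnerable:", handle_request_vulnerable(req))   # served for anyone
    if hasattr(socket, "SO_PEERCRED"):                      # Linux only
        srv, cli = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.sendall(json.dumps(req).encode())
        print("hardened:", serve_one(srv, policy))          # our own UID decides
        srv.close()
        cli.close()
```

The same design applies on the other platforms the advisory covers: a Windows service reading a named pipe should take the client's identity from the pipe's client token (impersonation), and a macOS privileged helper should use the audit token the XPC connection carries, rather than any identity claim in the message itself.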
Attack Vector
Exploitation requires local access and a valid non-administrative account on the target endpoint. No user interaction is required beyond the attacker's own actions. The CVSS vector indicates local attack vector, low attack complexity, and low privileges required, with high impact to confidentiality, integrity, and availability of the vulnerable component.
See the Palo Alto Networks Advisory for vendor technical details. No public proof-of-concept exploit is currently available.
Detection Methods for CVE-2026-0246
Indicators of Compromise
- Unexpected child processes spawned by the Prisma Access Agent service running as root or NT AUTHORITY\SYSTEM.
- New local administrator accounts, scheduled tasks, or persistence artifacts created shortly after Prisma Access Agent activity on the host.
- Access to credential stores such as /etc/shadow, the SAM database, or LSASS process memory by processes launched from the agent's binary path.
Detection Strategies
- Monitor process lineage to flag privileged child processes spawned by the Prisma Access Agent that deviate from baseline behavior.
- Correlate local logon events from non-administrative users with subsequent privileged actions on the same host.
- Audit inter-process communication channels exposed by the agent, including local sockets, named pipes, and XPC endpoints, for unauthorized callers.
Monitoring Recommendations
- Enable command-line auditing and process creation logging on all endpoints running the Prisma Access Agent.
- Forward endpoint telemetry to a centralized data lake for retrospective hunting once vendor indicators are published.
- Track outbound connections and credential access patterns following local user logons on affected workstations and servers.
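The indicators and detection strategies above (privileged children of the agent outside baseline, credential-store access in the agent's lineage, and correlation with a recent non-administrative logon on the same host) can be run as a small stream detector over process-creation and logon telemetry. This is an added example, not vendor detection content: the pipe-delimited log format, the daemon name pa-agentd, the baseline of expected child images, the admin account names, and the Windows install path are assumptions; the two Unix install paths are the ones this page's workaround snippet inspects.

```python
"""Process-lineage detector over constructed endpoint telemetry (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

AGENT_PATH_PREFIXES = (
    "/opt/paloaltonetworks/prisma-access-agent/",
    "/Applications/PrismaAccess.app/",
    "C:\\Program Files\\<PrismaAccessAgentDir>\\",  # placeholder, not a real path
)
PRIVILEGED_USERS = {"root", "NT AUTHORITY\\SYSTEM"}
LOCAL_ADMINS = {"root", "Administrator"}            # assumed admin accounts
BASELINE_CHILDREN = {"/sbin/ip", "/usr/sbin/networksetup",
                     "C:\\Windows\\System32\\netsh.exe"}  # assumed benign baseline
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "C:\\Windows\\System32\\cmd.exe"}
CREDENTIAL_STORES = ("/etc/shadow", "\\config\\sam", "lsass")


@dataclass
class Proc:
    image: str
    user: str
    agent_lineage: bool   # this process is the agent or descends from it


@dataclass
class Alert:
    ts: str
    host: str
    pid: int
    reasons: List[str]
    recent_logons: List[str] = field(default_factory=list)


def _parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def from_agent_path(image: str) -> bool:
    return any(image.startswith(p) for p in AGENT_PATH_PREFIXES)


class LineageDetector:
    """Consumes PROC and LOGON records in time order and returns alerts."""

    def __init__(self, logon_window: timedelta = timedelta(minutes=10)):
        self.procs: Dict[Tuple[str, int], Proc] = {}
        self.logons: Dict[str, List[Tuple[datetime, str]]] = {}
        self.window = logon_window

    def ingest(self, line: str) -> Optional[Alert]:
        fields = line.rstrip("\n").split("|", 7)
        if fields[0] == "LOGON":                  # LOGON|ts|host|user
            _, ts, host, user = fields
            self.logons.setdefault(host, []).append((_parse_ts(ts), user))
            return None
        if fields[0] != "PROC":
            raise ValueError(f"unknown record type: {fields[0]!r}")
        # PROC|ts|host|ppid|pid|image|user|cmdline
        _, ts, host, ppid, pid, image, user, cmdline = fields
        parent = self.procs.get((host, int(ppid)))
        lineage = from_agent_path(image) or (parent is not None and parent.agent_lineage)
        self.procs[(host, int(pid))] = Proc(image, user, lineage)
        if not lineage or from_agent_path(image):
            return None                            # the agent itself, or unrelated
        reasons: List[str] = []
        direct_child = parent is not None and from_agent_path(parent.image)
        if direct_child and parent.user in PRIVILEGED_USERS:
            if image in SHELLS:
                reasons.append("privileged agent spawned a shell")
            elif image not in BASELINE_CHILDREN:
                reasons.append("privileged agent child outside baseline")
        elif image in SHELLS and user in PRIVILEGED_USERS:
            reasons.append("privileged shell in agent lineage")
        if any(c in cmdline.lower() for c in CREDENTIAL_STORES):
            reasons.append("agent-lineage process references a credential store")
        if not reasons:
            return None
        # Correlate with recent non-admin logons on the same host (strategy 2).
        when = _parse_ts(ts)
        recent = [u for (t, u) in self.logons.get(host, [])
                  if u not in LOCAL_ADMINS and timedelta(0) <= when - t <= self.window]
        return Alert(ts, host, int(pid), reasons, recent)


def run(lines: List[str]) -> List[Alert]:
    det = LineageDetector()
    return [a for a in (det.ingest(l) for l in lines) if a is not None]


# Constructed sample telemetry (not real data): the daemon, one benign child,
# a root shell spawned by the daemon, and a credential-store read under it.
SAMPLE = [
    "PROC|2026-05-14T08:30:00Z|ws-17|1|412|/opt/paloaltonetworks/prisma-access-agent/bin/pa-agentd|root|pa-agentd --daemon",
    "LOGON|2026-05-14T08:58:40Z|ws-17|jdoe",
    "PROC|2026-05-14T09:01:02Z|ws-17|412|5120|/sbin/ip|root|ip route show",
    "PROC|2026-05-14T09:02:10Z|ws-17|412|5188|/bin/bash|root|bash -c id",
    "PROC|2026-05-14T09:02:15Z|ws-17|5188|5190|/usr/bin/cat|root|cat /etc/shadow",
]

if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert)
```

The lineage flag is inherited through the pid table, so a grandchild of the agent (the `cat` in the sample) is still attributed to it even though its direct parent is a shell; on a real deployment the baseline set and the admin account list should be built from observed benign behaviour before the rule is allowed to page anyone.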
How to Mitigate CVE-2026-0246
Immediate Actions Required
- Inventory all endpoints running the Prisma Access Agent across Windows, macOS, and Linux.
- Apply the fixed version of the Prisma Access Agent as documented in the vendor advisory as soon as it is available in your environment.
- Restrict interactive and remote local logon rights on affected endpoints to reduce the pool of users who can stage an attack.
Patch Information
Palo Alto Networks has published an advisory tracking this issue. Refer to the Palo Alto Networks Advisory for CVE-2026-0246 for the list of fixed Prisma Access Agent versions and upgrade guidance for each supported platform.
Workarounds
- Limit local account creation and enforce least privilege so that only trusted users can authenticate to endpoints running the agent.
- Apply application allowlisting to prevent unauthorized binaries from executing on hosts pending the upgrade.
- Monitor and alert on any modification to the Prisma Access Agent installation directory and service configuration.
# Example (Windows, PowerShell): enumerate the Prisma Access Agent service status
# (sc.exe rather than sc, which PowerShell aliases to Set-Content)
sc.exe query "Prisma Access Agent"
# Example (macOS/Linux): record ownership and permissions of the agent install path
# so later changes to the installation directory can be compared against this baseline
ls -ld /Applications/PrismaAccess.app 2>/dev/null
ls -ld /opt/paloaltonetworks/prisma-access-agent 2>/dev/null
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.