
CVE-2026-0268: Prisma Access Agent Security Control Bypass Flaw

CVE-2026-0268 is a security control bypass vulnerability (CWE-424, Improper Protection of Alternate Path) in Prisma Access Agent for Linux that allows a local, low-privileged attacker to route traffic outside the VPN tunnel. This article covers technical details, affected versions, detection, and mitigations.

CVE-2026-0268 Overview

CVE-2026-0268 is a security control bypass vulnerability in the Palo Alto Networks Prisma Access Agent for Linux. A local attacker with low privileges can route network traffic outside the VPN tunnel, circumventing the agent's split-tunnel and traffic enforcement controls. The flaw is categorized under CWE-424 (Improper Protection of Alternate Path).

The vulnerability only affects the Linux build of the Prisma Access Agent. Installations on Windows, macOS, iOS, Android, and ChromeOS are not impacted. Exploitation requires local access to the endpoint and results in confidentiality exposure of traffic that should have traversed the enterprise VPN.

Critical Impact

A local user on a Linux endpoint can bypass VPN enforcement and send traffic over an uncontrolled network path, exposing data intended for inspection and policy enforcement by Prisma Access.

Affected Products

  • Palo Alto Networks Prisma Access Agent for Linux
  • Not affected: Prisma Access Agent on Windows, macOS, iOS, Android, and ChromeOS
  • Refer to the Palo Alto Networks Advisory for specific affected versions

Discovery Timeline

  • 2026-06-10 - CVE-2026-0268 published to NVD
  • 2026-06-10 - Last updated in NVD database

Technical Details for CVE-2026-0268

Vulnerability Analysis

The Prisma Access Agent is responsible for establishing a secure VPN tunnel and enforcing that protected traffic flows through that tunnel. On Linux, the agent fails to fully constrain network paths available to local users. An attacker who already has shell access on the endpoint can manipulate the local network environment so that traffic intended for the VPN traverses an alternate route.

The weakness maps to CWE-424, Improper Protection of Alternate Path. The agent assumes that once the tunnel is established, no parallel path can be used for protected destinations. That assumption does not hold on Linux, where routing and interface controls remain modifiable by local users with sufficient permissions on networking primitives.

Root Cause

The root cause is incomplete enforcement of the tunnel as the exclusive path for protected traffic. The Linux agent does not adequately lock down routing table entries, interface metrics, or policy routing rules that the operating system uses to choose an outbound interface. A local actor can introduce or modify these constructs to redirect flows away from the tunnel device while the agent reports a healthy connection.

Attack Vector

The attack vector is local. The actor needs an existing session on the Linux host running the Prisma Access Agent. No user interaction is required, and the attack complexity is low. The impact is limited to confidentiality of network traffic that should have been routed through Prisma Access for inspection, logging, and policy enforcement. Integrity and availability of the agent itself are not affected.

No public exploit code is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Technical specifics on the bypass mechanism are not disclosed in the vendor advisory.

Detection Methods for CVE-2026-0268

Indicators of Compromise

  • Unexpected modifications to routing tables (ip route), policy routing rules (ip rule), or interface metrics on Linux endpoints running the Prisma Access Agent
  • Outbound connections to corporate or SaaS destinations that bypass the Prisma Access tunnel interface
  • Discrepancies between traffic logged by Prisma Access and traffic observed at the host or upstream network sensors

Detection Strategies

  • Compare per-endpoint connection telemetry against Prisma Access logs to identify flows that should have been tunneled but were not
  • Monitor process execution for invocations of ip, route, iptables, nft, or resolvectl by non-administrative users on managed Linux hosts
  • Alert on changes to /etc/iproute2/rt_tables, network namespace creation, and modifications to interface configuration after agent startup

Monitoring Recommendations

  • Enable host-based auditing (auditd) for syscalls and binaries that alter routing and netfilter state
  • Forward Linux endpoint network and process telemetry to a central data lake for correlation with Prisma Access flow records
  • Track agent health and tunnel state and treat agent-up plus out-of-tunnel egress as a high-priority signal
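The following is an added example written for this article; it is not Palo Alto Networks code and does not come from the advisory. It puts the detection strategies and monitoring recommendations above into practice: a set of auditd rules for the routing and netfilter tools named earlier, plus an awk-based detector that reads audit.log and reports mutating invocations of those tools by non-root users, joining each EXECVE record to its SYSCALL record by audit event ID. The binary paths, the audit key name, and the sample audit.log excerpt are assumptions constructed for the example.

```shell
#!/usr/bin/env sh
# Added example, not code from Palo Alto Networks or the Prisma Access Agent.
# Part 1 emits auditd rules for the binaries and syscalls from the detection list;
# part 2 is a detector that reads audit.log and flags route/netfilter changes by uid != 0.
# Binary paths, the audit key "route_mod" and SAMPLE_AUDIT_LOG are assumptions.

# Part 1: rules to load with `auditctl -R rules.txt` or to drop into /etc/audit/rules.d/.
# Paths assume a merged-/usr layout; adjust them to the host's actual locations.
audit_rules() {
  cat <<'EOF'
-w /usr/sbin/ip -p x -k route_mod
-w /usr/sbin/route -p x -k route_mod
-w /usr/sbin/iptables -p x -k route_mod
-w /usr/sbin/nft -p x -k route_mod
-w /usr/bin/resolvectl -p x -k route_mod
-w /etc/iproute2/rt_tables -p wa -k route_mod
-a always,exit -F arch=b64 -S unshare,setns -k netns
EOF
}

# Part 2: join each EXECVE record to the SYSCALL record with the same event ID,
# take the uid from the SYSCALL record, and report mutating invocations of the
# networking tools when that uid is not 0. Audit keeps the ID inside msg=audit(ts:ID).
detect_nonroot_route_changes() {
  awk '
    function event_id(s) { match(s, /:[0-9]+\):/); return substr(s, RSTART + 1, RLENGTH - 3) }
    $1 == "type=SYSCALL" {
      id = event_id($0)
      for (i = 1; i <= NF; i++) if ($i ~ /^uid=/) { split($i, kv, "="); uid[id] = kv[2] }
    }
    $1 == "type=EXECVE" {
      id = event_id($0); argv = ""
      for (i = 1; i <= NF; i++) if ($i ~ /^a[0-9]+=/) {
        sub(/^a[0-9]+="/, "", $i); sub(/"$/, "", $i)
        argv = argv (argv == "" ? "" : " ") $i
      }
      cmd[id] = argv
    }
    END {
      for (id in cmd) {
        if (!(id in uid) || uid[id] == "0") continue
        if (cmd[id] !~ /^(ip|route|iptables|nft|resolvectl)( |$)/) continue
        if (cmd[id] !~ / (add|del|delete|replace|change|flush|set|insert|append|-A|-I|-D|-F|-P|dns|domain)( |$)/) continue
        print "ALERT event=" id " uid=" uid[id] " cmd=" cmd[id]
      }
    }' "$1" | sort
}

# Constructed audit.log excerpt: a non-root user rewrites a protected route (201),
# root installs the tunnel default route (202), a non-root user only lists routes (203),
# and a non-root user adds a policy rule diverting the protected prefix (204).
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1781000000.101:201): arch=c000003e syscall=59 success=yes exit=0 pid=1201 auid=1000 uid=1000 gid=1000 euid=1000 comm="ip" exe="/usr/sbin/ip" key="route_mod"
type=EXECVE msg=audit(1781000000.101:201): argc=6 a0="ip" a1="route" a2="replace" a3="10.0.0.0/8" a4="dev" a5="eth0"
type=SYSCALL msg=audit(1781000000.105:202): arch=c000003e syscall=59 success=yes exit=0 pid=900 auid=4294967295 uid=0 gid=0 euid=0 comm="ip" exe="/usr/sbin/ip" key="route_mod"
type=EXECVE msg=audit(1781000000.105:202): argc=6 a0="ip" a1="route" a2="add" a3="default" a4="dev" a5="tun0"
type=SYSCALL msg=audit(1781000000.110:203): arch=c000003e syscall=59 success=yes exit=0 pid=1202 auid=1000 uid=1000 gid=1000 euid=1000 comm="ip" exe="/usr/sbin/ip" key="route_mod"
type=EXECVE msg=audit(1781000000.110:203): argc=3 a0="ip" a1="route" a2="show"
type=SYSCALL msg=audit(1781000000.120:204): arch=c000003e syscall=59 success=yes exit=0 pid=1203 auid=1000 uid=1000 gid=1000 euid=1000 comm="ip" exe="/usr/sbin/ip" key="route_mod"
type=EXECVE msg=audit(1781000000.120:204): argc=7 a0="ip" a1="rule" a2="add" a3="to" a4="10.0.0.0/8" a5="lookup" a6="100"'

# Demo on the constructed excerpt; point the detector at /var/log/audit/audit.log on a real host.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_AUDIT_LOG" > "$tmp"
detect_nonroot_route_changes "$tmp"
rm -f "$tmp"
```

The detector deliberately skips read-only invocations such as `ip route show` and ignores uid 0, because the agent itself and configuration management legitimately rewrite routes as root; the watches on the binaries are the primary hook because raw netlink syscalls are too noisy to audit on their own. Run it as a periodic job against /var/log/audit/audit.log, or port the same join-by-event-ID logic to the SIEM that receives the forwarded telemetry.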

How to Mitigate CVE-2026-0268

Immediate Actions Required

  • Identify all Linux endpoints running the Prisma Access Agent and inventory their installed versions
  • Apply the fixed version published in the Palo Alto Networks Advisory as soon as it is available for your channel
  • Restrict local administrative and network-capability privileges (CAP_NET_ADMIN, CAP_NET_RAW) on managed Linux hosts to reduce who can manipulate routing

Patch Information

Palo Alto Networks has published a security advisory for CVE-2026-0268 with remediation guidance. Consult the Palo Alto Networks Advisory for the fixed Prisma Access Agent for Linux versions and upgrade instructions. No patch hash or version string is provided in the NVD record at this time.

Workarounds

  • Limit shell access on Linux endpoints to trusted administrators and remove sudo rights to networking utilities for standard users
  • Enforce host firewall rules that block egress on non-tunnel interfaces for destinations that must traverse Prisma Access
  • Use endpoint configuration management to continuously reconcile routing tables and detect unauthorized modifications
```bash
# Example: verify the Prisma Access tunnel interface carries the default route
# and alert if traffic to a protected subnet would leave on a different interface.
# TUN_IF is the tunnel device name reported by `ip link` on your agent build (assumed here).
TUN_IF="${TUN_IF:-tun0}"
ip route show default
ip route get 10.0.0.0 | grep -qw "dev ${TUN_IF}" || echo "ALERT: 10.0.0.0 is not routed via ${TUN_IF}"
```
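The following is an added example written for this article, not vendor code, that implements the second and third workarounds above: an nftables egress fence that lets traffic to protected prefixes leave only via the tunnel device, and a reconciliation check that parses `ip route get` output for each protected prefix and reports any that resolve to another interface. The device name tun0, the protected prefixes, and the captured `ip route get` lines are assumptions constructed for the example; substitute the values from your own deployment.

```shell
#!/usr/bin/env sh
# Added example, not code from Palo Alto Networks or the Prisma Access Agent.
# Part 1 generates an nftables egress fence: protected prefixes may leave only on the
# tunnel device. Part 2 reconciles routing against that expectation by parsing
# `ip route get` output. tun0, PROTECTED_PREFIXES and the SAMPLE_ROUTES_* captures
# are assumptions; substitute the device name and prefixes from your deployment.

PROTECTED_PREFIXES="10.0.0.0/8 172.16.0.0/12"

# Part 1: ruleset for `egress_ruleset tun0 | nft -f -`. Packets to a protected prefix
# are accepted only when the output interface is the tunnel; anything else bound for
# those prefixes is logged and dropped, so a diverted route fails closed instead of leaking.
egress_ruleset() {
  tun_if="$1"
  cat <<EOF
table inet vpn_fence {
  set protected {
    type ipv4_addr
    flags interval
    elements = { $(printf '%s\n' "$PROTECTED_PREFIXES" | sed 's/ /, /g') }
  }
  chain output {
    type filter hook output priority 0; policy accept;
    oifname "$tun_if" accept
    ip daddr @protected counter log prefix "vpn-fence-drop " drop
  }
}
EOF
}

# Part 2a: extract the egress device from one line of `ip route get` output,
# e.g. "10.0.0.5 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 1000" -> eth0.
route_dev() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Part 2b: check that every protected prefix resolves to $1. $2 may carry pre-captured
# `ip route get` output (one line per prefix, same order) so the check runs offline;
# pass "" to query the live host. Prints each offender and returns 1 on drift.
check_routes() {
  tun_if="$1"; captured="$2"; rc=0; n=0
  for p in $PROTECTED_PREFIXES; do
    n=$((n + 1))
    if [ -n "$captured" ]; then
      line=$(printf '%s\n' "$captured" | sed -n "${n}p")
    else
      line=$(ip route get "${p%/*}" 2>/dev/null | head -n 1)
    fi
    dev=$(route_dev "$line")
    if [ "$dev" != "$tun_if" ]; then
      echo "ALERT: $p routes via '${dev:-none}' instead of $tun_if"
      rc=1
    fi
  done
  return $rc
}

# Constructed captures: a healthy host, and one where a local user diverted 10/8 to eth0.
SAMPLE_ROUTES_OK='10.0.0.0 dev tun0 src 100.64.0.2 uid 1000
172.16.0.0 dev tun0 src 100.64.0.2 uid 1000'
SAMPLE_ROUTES_BAD='10.0.0.0 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 1000
172.16.0.0 dev tun0 src 100.64.0.2 uid 1000'

# Demo on the constructed captures (use "" as the second argument on a real host).
egress_ruleset tun0
check_routes tun0 "$SAMPLE_ROUTES_BAD" || echo "routing drifted from the tunnel; re-apply the agent's routes and investigate"
```

Two caveats apply. The fence is only as strong as the privilege boundary around it: anyone holding CAP_NET_ADMIN can flush the table, so it must be paired with the privilege restrictions listed under Immediate Actions. And because it drops rather than re-routes, a diverted route produces a visible outage plus a `vpn-fence-drop` kernel log entry rather than a silent leak, which is the failure mode you want while the check above runs from configuration management on a schedule.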

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
