PT-2026-40772 · Palo Alto Networks · Prisma Access Agent
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2026-0248
CVSS v4.0
6.2
Medium
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber |
An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.
The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Prisma Access Agent