PT-2026-56529 · Undefined · Undefined

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-0278

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Heads up for anyone running Prisma Access Agent on Windows endpoints. Palo Alto put out an advisory yesterday (Jul 8) for CVE-2026-0278, a set of DLP policy bypass issues in the Windows agent. Short version: the agent's data loss prevention controls can be circumvented, so traffic/data your DLP policies are supposed to block can slip through on affected Windows builds.
Affected: Prisma Access Agent on Windows, 24.0 through 26.2 Fixed in: 26.2.1 or later macOS agent isn't affected, no action needed there.
No workarounds on this one, so patching is the move. If you've got a fleet of Windows endpoints on the agent, worth pushing the update sooner rather than later. Nothing about exploitation in the wild that I've seen, but DLP bypass is easy to miss since the agent keeps running fine, you just quietly lose a control you assumed was in place.
Side note, I run a small advisory tracker (VulniPulse) and there's a Discord for exactly this. If you want alerts like this hitting your inbox the second they drop, join the server and add the Palo Alto CVE alert, it'll ping you in Discord and email you the moment a new one lands, same as it did when this one hit. discord.gg/r2Y5kHsfMr
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-0278

Affected Products

Undefined