CVE-2026-0246

The vulnerability is a missing authorization (CWE-862) in the privilege management mechanism of the Prisma Access Agent. A locally authenticated non-administrative user can bypass authorization checks and escalate privileges to root on macOS/Linux or NT AUTHORITY\SYSTEM on Windows [1].

Exploitation requires only local access with a low-privileged user account; no user interaction or special configuration is needed. Attack complexity is low, and the attack vector is local [1].

Successful exploitation allows the attacker to execute arbitrary code and read sensitive information that is normally accessible only to privileged accounts. The CVSSv4.0 base score is 8.5, reflecting high impacts on confidentiality, integrity, and availability [1].

Palo Alto Networks has released version 26.2.1 for affected platforms (macOS, Linux, Windows). Users should upgrade to mitigate this vulnerability. iOS, Android, and Chrome OS versions are not affected. No malicious exploitation has been reported [1].