CVE-2026-0268

Vulnerability

A security control bypass vulnerability exists in the Prisma Access Agent for Linux. This issue allows a local attacker to route network traffic outside of the established VPN tunnel. This vulnerability affects Prisma Access Agent versions prior to 26.2.1 on Linux. No special configuration is required for exposure [1].

Exploitation

An attacker with local access and low privileges on a Linux system running a vulnerable Prisma Access Agent can exploit this vulnerability. The attacker needs to be able to execute commands on the system. No user interaction is required, and the attack is automatable [1].

Impact

Successful exploitation allows a local attacker to route network traffic outside the VPN tunnel, potentially bypassing security controls and accessing resources that should be protected. This could lead to a high impact on product confidentiality, as sensitive traffic might be exposed [1].

Mitigation

Prisma Access Agent versions 25.7 through 26.2.0 on Linux are affected. Users should upgrade to Prisma Access Agent version 26.2.1 or later to address this vulnerability. Palo Alto Networks is not aware of any malicious exploitation of this issue [1].