CVE-2026-0246: CWE-862 Missing Authorization in Palo Alto Networks Prisma Access Agent
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS is not affected.
AI Analysis
Technical Summary
This vulnerability (CWE-862) in the Palo Alto Networks Prisma Access Agent involves missing authorization checks in the privilege management mechanism. It enables a locally authenticated user without administrative rights to escalate privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This escalation allows execution of arbitrary code and access to sensitive data restricted to privileged accounts. The issue is limited to desktop operating systems and does not impact mobile or Chrome OS versions of the agent. No patch or official remediation level has been published by the vendor as of now.
Potential Impact
An attacker with local non-administrative access can escalate privileges to the highest system level, potentially leading to full system compromise. This includes executing arbitrary code with elevated privileges and accessing sensitive information normally restricted to administrators. The vulnerability affects macOS, Linux, and Windows versions of the Prisma Access Agent. The Prisma Access Agent on iOS, Android, and Chrome OS is not impacted. There are no known public exploits currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the Palo Alto Networks vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for suspicious activity related to privilege escalation attempts. Do not assume the vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version: 5.2
- Assigner Short Name: palo_alto
- Date Reserved: 2025-11-03T20:44:07.240Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a04cf37cbff5d8610004097
Added to database: 5/13/2026, 7:21:27 PM
Last enriched: 5/13/2026, 7:37:08 PM
Last updated: 5/14/2026, 6:45:22 AM