CVE-2026-0268: CWE-424 Improper Protection of Alternate Path in Palo Alto Networks Prisma Access Agent
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
AI Analysis
Technical Summary
This vulnerability (CWE-424) in Palo Alto Networks Prisma Access Agent for Linux enables a local attacker to bypass security controls by routing network traffic outside the VPN tunnel. The issue is specific to the Linux version of the agent and does not impact other supported operating systems. No official remediation or patch information is currently available, and no known exploits are reported in the wild.
Potential Impact
An attacker with local access to a Linux system running Prisma Access Agent could route traffic outside the VPN tunnel, potentially exposing sensitive data or circumventing network security policies enforced by the VPN. The impact is limited to local privilege scenarios and does not affect other operating systems.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to systems running the Prisma Access Agent for Linux and monitor for unusual network routing behavior.
CVE-2026-0268: CWE-424 Improper Protection of Alternate Path in Palo Alto Networks Prisma Access Agent
Description
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
CVSS v4.0
Score 4.4medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-424) in Palo Alto Networks Prisma Access Agent for Linux enables a local attacker to bypass security controls by routing network traffic outside the VPN tunnel. The issue is specific to the Linux version of the agent and does not impact other supported operating systems. No official remediation or patch information is currently available, and no known exploits are reported in the wild.
Potential Impact
An attacker with local access to a Linux system running Prisma Access Agent could route traffic outside the VPN tunnel, potentially exposing sensitive data or circumventing network security policies enforced by the VPN. The impact is limited to local privilege scenarios and does not affect other operating systems.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to systems running the Prisma Access Agent for Linux and monitor for unusual network routing behavior.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- palo_alto
- Date Reserved
- 2025-11-03T20:44:28.362Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a29d0220e53e738839869a1
Added to database: 6/10/2026, 8:59:14 PM
Last enriched: 6/10/2026, 9:15:55 PM
Last updated: 6/10/2026, 11:59:37 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.