Information disclosure in Palo Alto Networks Prisma Access Agent

CVE-2026-0245

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected.

Vulnerability class: Information Disclosure

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Prisma Access Agent — versions 0, All

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@paloaltonetworks.com (vendor-advisory)