{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0248", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:09.168Z", "datePublished": "2026-05-13T19:05:00.190Z", "dateUpdated": "2026-05-13T19:29:24.329Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T19:05:00.190Z"}, "title": "Prisma Access Agent: Improper Certificate Validation Vulnerability", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["Android", "Chrome OS"], "versions": [{"status": "affected", "version": "0", "lessThan": "26.2.1", "changes": [{"at": "26.2.1", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access Agent", "platforms": ["iOS", "Linux", "macOS", "Windows"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:android:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "26.2.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:chrome_os:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "26.2.1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:ios:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:linux:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:windows:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability in the Prisma Access Agent\u00ae for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.\n\n\n\nThe Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An improper certificate validation vulnerability in the Prisma Access Agent\u00ae for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.</p><p>The Prisma Access Agent on macOS, Windows, Linux and iOS are not affected.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0248", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>No special configuration is required.</p>"}]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>No known workarounds exist for this issue.</p>"}]}], "solutions": [{"lang": "eng", "value": "Version Minor Version Suggested Solution\nPrisma Access Agent on Android 25.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent Chrome OS 25.0 through 26.2 Upgrade to 26.2.1 or later.\nPrisma Access Agent on iOS No action needed\nPrisma Access Agent on Linux No action needed\nPrisma Access Agent on macOS No action needed\nPrisma Access Agent on Windows No action needed", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><tr><td>Version</td><td>Minor Version</td><td>Suggested Solution</td></tr><tr><td>Prisma Access Agent on Android</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent Chrome OS</td><td>25.0 through 26.2</td><td>Upgrade to 26.2.1 or later.</td></tr><tr><td>Prisma Access Agent on iOS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Linux</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on macOS</td><td><br></td><td>No action needed</td></tr><tr><td>Prisma Access Agent on Windows</td><td><br></td><td>No action needed</td></tr></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Prisma Access Agent 26.2.0"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T19:17:42.438347Z", "id": "CVE-2026-0248", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T19:29:24.329Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability in the Prisma Access Agent\u00ae for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information.\n\n\n\nThe Prisma Access Agent on macOS, Windows, Linux and iOS are not affected."}], "id": "CVE-2026-0248", "lastModified": "2026-05-13T19:16:58.920", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T19:16:58.920", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0248"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{}