An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.

The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

Project Subscriptions

Vendors Products
Palo Alto Networks Subscribe
Prisma Access Agent Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 09 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
Title Prisma Access Agent: Improper Certificate Validation on iOS
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-295
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:iOS:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-07-09T19:14:50.806Z

Reserved: 2025-11-03T20:44:36.317Z

Link: CVE-2026-0277

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses