Improper Certificate Validation in Prisma Access Agent for iOS by Palo Alto Networks
CVE-2026-0277
5.7MEDIUM
Key Information:
- Vendor
Palo Alto Networks
- Status
- Vendor
- CVE Published:
- 9 July 2026
Badges
👾 Exploit Exists
What is CVE-2026-0277?
An improper certificate validation flaw in the Prisma Access Agent for iOS exposes users to potential man-in-the-middle (MitM) attacks, allowing unauthorized interception of VPN traffic. This vulnerability highlights the necessity for secure certificate handling to protect sensitive data transmitted over virtual private networks. Other versions of the Prisma Access Agent on platforms like Windows, macOS, Linux, Android, and ChromeOS are not susceptible to this issue.
Affected Version(s)
Prisma Access Agent iOS 0 < 26.2.1
Prisma Access Agent Linux All
References
CVSS V4
Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
our internal security research teams