Improper Certificate Validation in Prisma Access Agent for iOS by Palo Alto Networks
CVE-2026-0277

5.7MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0277?

An improper certificate validation flaw in the Prisma Access Agent for iOS exposes users to potential man-in-the-middle (MitM) attacks, allowing unauthorized interception of VPN traffic. This vulnerability highlights the necessity for secure certificate handling to protect sensitive data transmitted over virtual private networks. Other versions of the Prisma Access Agent on platforms like Windows, macOS, Linux, Android, and ChromeOS are not susceptible to this issue.

Affected Version(s)

Prisma Access Agent iOS 0 < 26.2.1

Prisma Access Agent Linux All

References

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams
.