Data Loss Prevention Vulnerability in Prisma Access Agent for Windows by Palo Alto Networks
CVE-2026-0278
5.8MEDIUM
Key Information:
- Vendor
Palo Alto Networks
- Status
- Vendor
- CVE Published:
- 9 July 2026
Badges
👾 Exploit Exists
What is CVE-2026-0278?
The Prisma Access Agent for Windows contains multiple failures in its Data Loss Prevention (DLP) component, which allow local users to bypass established DLP policy enforcement controls. This vulnerability does not affect the macOS version of the Prisma Access Agent. Organizations using the affected Windows version should assess their DLP configurations to mitigate potential data security risks.
Affected Version(s)
Prisma Access Agent Windows 24.0 < 26.2.1
Prisma Access Agent macOS All
References
CVSS V4
Score:
5.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander