Data Loss Prevention Vulnerability in Prisma Access Agent for Windows by Palo Alto Networks
CVE-2026-0278

5.8MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0278?

The Prisma Access Agent for Windows contains multiple failures in its Data Loss Prevention (DLP) component, which allow local users to bypass established DLP policy enforcement controls. This vulnerability does not affect the macOS version of the Prisma Access Agent. Organizations using the affected Windows version should assess their DLP configurations to mitigate potential data security risks.

Affected Version(s)

Prisma Access Agent Windows 24.0 < 26.2.1

Prisma Access Agent macOS All

References

CVSS V4

Score:
5.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander
.