CVE-2026-0268
Received Received - Intake
Security Control Bypass in Prisma Access Agent for Linux

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Palo Alto Networks, Inc.

Description
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-0268
EUVD
EUVD-2026-36144
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks prisma_access_agent linux
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-424 The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a security control bypass in the Prisma Access Agent for Linux. It allows a local attacker to route network traffic outside the VPN tunnel, potentially circumventing the intended secure network path.

It specifically affects the Linux version of the Prisma Access Agent and does not impact versions on Windows, macOS, iOS, Android, or ChromeOS.

Impact Analysis

The vulnerability can allow a local attacker to bypass the VPN tunnel, which means network traffic could be exposed outside the secure VPN environment.

This exposure could lead to interception or manipulation of sensitive data that was expected to be protected by the VPN.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart