CVE-2026-0277
Received Received - Intake

Improper Certificate Validation in Prisma Access Agent for iOS

Vulnerability report for CVE-2026-0277, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks prisma_access_agent to 26.2.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0277 is an improper certificate validation vulnerability found in the Prisma Access Agent for iOS. This flaw allows an attacker to perform a man-in-the-middle (MitM) attack, enabling them to intercept VPN traffic that should be secure.

The vulnerability specifically affects the iOS version of the Prisma Access Agent below version 26.2.1. Other platforms such as Windows, macOS, Linux, Android, and ChromeOS are not affected.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Prisma Access Agent for iOS to version 26.2.1 or later.

No workarounds are available, so applying the update is the only effective mitigation.

Ensure that only trusted networks are used when connecting with the Prisma Access Agent on iOS to reduce the risk of man-in-the-middle attacks.

Impact Analysis

This vulnerability can impact you by allowing an attacker positioned on an adjacent network to intercept your VPN traffic through a man-in-the-middle attack. This means sensitive data transmitted over the VPN could be exposed or manipulated.

Exploitation requires the attacker to be on a network close to the victim, but no user interaction is needed. There are no known workarounds, so upgrading to version 26.2.1 or later is necessary to mitigate the risk.

Detection Guidance

This vulnerability affects the Prisma Access Agent for iOS versions below 26.2.1 and involves improper certificate validation that allows man-in-the-middle attacks on VPN traffic.

There are no specific detection commands or network indicators provided to identify exploitation or presence of this vulnerability on your network or system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0277. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart