CVE-2026-0278
Received Received - Intake

Local Privilege Escalation in Prisma Access Agent for Windows

Vulnerability report for CVE-2026-0278, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks prisma_access_agent From 24.0 (inc) to 26.2.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows a local user to bypass Data Loss Prevention (DLP) policy enforcement controls in the Prisma Access Agent for Windows. Such a bypass could potentially lead to unauthorized data exposure or leakage, which may impact an organization's ability to comply with data protection regulations like GDPR or HIPAA that require strict controls over sensitive data.

However, the provided information does not explicitly state the direct impact on compliance with these standards or regulations.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, Palo Alto Networks recommends upgrading the Prisma Access Agent on Windows to version 26.2.1 or later.

No workarounds are available for this issue, so applying the update is the immediate and effective mitigation step.

Executive Summary

CVE-2026-0278 involves multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows. These failures allow a local user to bypass DLP policy enforcement controls, effectively evading the intended data loss prevention measures.

The vulnerability affects Windows versions of the Prisma Access Agent below 26.2.1, while the macOS version is not impacted.

Impact Analysis

This vulnerability can allow a local user on a Windows system to bypass DLP policy enforcement controls, potentially leading to unauthorized data exfiltration or leakage.

Since the DLP protections can be circumvented, sensitive or confidential information might be exposed or transferred without detection or prevention.

There are no known workarounds, and the issue requires upgrading to Prisma Access Agent version 26.2.1 or later to mitigate the risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0278. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart