Back to overview

CVE-2026-0277

MEDIUM
5.7
CVSS 4.0
Description
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

Metadata

CVE ID
CVE-2026-0277
State
PUBLISHED
Assigner
palo_alto
Reserved
2025-11-03 20:44 UTC
Published
2026-07-09 19:14 UTC
Last updated
2026-07-09 19:14 UTC
Primary CWE
CWE-295
CWE-295 Improper Certificate Validation
Vendor / Product
Palo Alto Networks / Prisma Access Agent
Sources
cve.org  ·  NVD

Severity & Metrics

5.7 MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Affected products (2)
VendorProductPlatformVersions
Palo Alto Networks Prisma Access Agent iOS 0 < 26.2.1
Palo Alto Networks Prisma Access Agent Linux,Windows,macOS,Android,ChromeOS All
Weakness (CWE)
CWESourceDescription
CWE-295 cna CWE-295 Improper Certificate Validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.7 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Back to overview