SB2026061637 - Multiple vulnerabilities in Prisma Access Agent for Linux
Published: June 16, 2026
Description
This security bulletin contains information about 2 vulnerabilities.
1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2026-0271)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect permission assignment for a critical resource in the Prisma Access Agent app when running on Linux devices. A local user can execute code to escalate privileges.
No special configuration is required to be affected by this issue.
2) Improper Protection of Alternate Path (CVE-ID: CVE-2026-0268)
CWE-ID: CWE-424 - Improper Protection of Alternate Path
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to route network traffic outside the VPN tunnel.
The vulnerability exists due to improper protection of an alternate path in Prisma Access Agent for Linux when enforcing VPN traffic routing. A local user can bypass VPN enforcement to route network traffic outside the VPN tunnel.
No special configuration is required.
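For triage, the two CVSSv4 vectors above can be decoded and compared metric by metric. The following is an added example, not part of the original bulletin or any vendor tooling; the function names are hypothetical, and the metric names follow the CVSS v4.0 specification, covering only the metrics that occur in these two vectors.

```python
# Added example: decode the two CVSS v4.0 vectors quoted in this bulletin.
# Only the metrics present in those vectors are mapped (assumption: no
# environmental or other supplemental metrics need to be handled here).
IMPACT = {"H": "High", "L": "Low", "N": "None"}
METRICS = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "AT": ("Attack Requirements", {"N": "None", "P": "Present"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "P": "Passive", "A": "Active"}),
    "VC": ("Vulnerable System Confidentiality", IMPACT),
    "VI": ("Vulnerable System Integrity", IMPACT),
    "VA": ("Vulnerable System Availability", IMPACT),
    "SC": ("Subsequent System Confidentiality", IMPACT),
    "SI": ("Subsequent System Integrity", IMPACT),
    "SA": ("Subsequent System Availability", IMPACT),
    "E": ("Exploit Maturity", {"X": "Not Defined", "A": "Attacked", "P": "POC", "U": "Unreported"}),
    "U": ("Provider Urgency", {k: k for k in ("Clear", "Green", "Amber", "Red")}),
}

# Vectors copied verbatim from the bulletin.
VECTORS = {
    "CVE-2026-0271": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear",
    "CVE-2026-0268": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear",
}

def decode(vector):
    """Return {metric abbreviation: value}, rejecting malformed vectors."""
    prefix, *parts = vector.split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {prefix!r}")
    out = {}
    for part in parts:
        key, _, value = part.partition(":")
        if key not in METRICS or value not in METRICS[key][1] or key in out:
            raise ValueError(f"unknown or duplicate metric: {part!r}")
        out[key] = value
    return out

def describe(vector):
    """Return {full metric name: full value name} for reporting."""
    return {METRICS[k][0]: METRICS[k][1][v] for k, v in decode(vector).items()}

def differing_metrics(a, b):
    """Return the metrics on which two vectors disagree."""
    da, db = decode(a), decode(b)
    return {k: (da.get(k), db.get(k)) for k in METRICS if da.get(k) != db.get(k)}

if __name__ == "__main__":
    print(differing_metrics(*VECTORS.values()))
```

The two vectors differ only in the integrity and availability impact on the vulnerable system, which matches the descriptions: privilege escalation versus traffic leaving the VPN tunnel.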
Remediation
Install the update from the vendor's website.