Vulnerability Details CVE-2026-0277
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 2.6%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2026-0277
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.1
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.3
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.3.1
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.4
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.6
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.7
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:25.7.1
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:26.1
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:26.1.1
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:26.1.2
-
cpe:2.3:a:paloaltonetworks:prisma_access_agent:26.2
-
cpe:2.3:o:apple:iphone_os:-