An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
History

Thu, 09 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
Title Prisma Access Agent: Improper Certificate Validation on iOS
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Access Agent
Weaknesses CWE-295
CPEs cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:iOS:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Access Agent
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}


cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-07-09T19:14:50.806Z

Reserved: 2025-11-03T20:44:36.317Z

Link: CVE-2026-0277

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.