Palo Alto Prisma Access Agent 25.x / 26.x < 26.2.1 Authentication Bypass (CVE-2026-0247)

Version 1.2

May 18, 2026, 10:04 AM

CVSS metrics ("Cvssv4 supplemental" set to "CVSS:4.0/AU:N/R:U/V:C/RE:M/U:Amber")
CVSS metrics ("Cvssv4 threat score" set to 5.9)
CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U")
CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
Exploit attributes ("Exploit available" set to "False")
Exploit attributes ("Exploitability ease" set to "No known exploits are available")