medium advisory

CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities

Multiple authorization bypass vulnerabilities exist in the Endpoint DLP component of Prisma Access Agent, allowing a local attacker to bypass authentication controls and execute privileged operations on macOS and Windows systems with Endpoint DLP enabled; versions prior to 26.2.1 are affected.

Palo Alto Networks has disclosed CVE-2026-0247, a set of authorization bypass vulnerabilities affecting the Endpoint DLP component of Prisma Access Agent. A local attacker can exploit these flaws to bypass authentication mechanisms and execute privileged operations. The vulnerabilities affect Prisma Access Agent versions prior to 26.2.1 on both macOS and Windows. Successful exploitation requires Endpoint DLP to be enabled on the target system. Palo Alto Networks internally discovered and reported the issue. Defenders should upgrade to version 26.2.1 or later.

Attack Chain

  1. Attacker gains local access to a system with a vulnerable version of Prisma Access Agent and with Endpoint DLP enabled.
  2. Attacker identifies the specific privileged operations within the Endpoint DLP component that lack proper authentication.
  3. Attacker crafts a malicious payload or script to interact with the vulnerable Endpoint DLP component.
  4. The attacker executes the payload locally, exploiting the missing authentication checks.
  5. The Prisma Access Agent Endpoint DLP component processes the attacker’s request without proper authorization.
  6. Attacker successfully bypasses intended DLP policies, potentially allowing unauthorized data access or exfiltration.
  7. Attacker leverages the escalated privileges to perform sensitive actions on the system.

Impact

Successful exploitation of CVE-2026-0247 allows a local attacker to bypass Endpoint DLP restrictions and potentially exfiltrate sensitive data from a compromised system. This could lead to the exposure of confidential information. Palo Alto Networks is not aware of any malicious exploitation of these issues.

Recommendation

  • Upgrade Prisma Access Agent to version 26.2.1 or later on both macOS and Windows systems to remediate CVE-2026-0247.
  • Enable Sysmon process creation logging to detect suspicious process execution related to DLP bypass attempts.
  • Deploy the Sigma rules in this brief to your SIEM and tune for your environment.
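A quick way to find which endpoints meet the advisory's exposure conditions (a build before 26.2.1 with Endpoint DLP enabled on macOS or Windows) from an asset inventory, as an added example that is not part of this brief or Palo Alto Networks' tooling; the inventory field names, hostnames and version values are constructed.

```python
"""Triage a (constructed) endpoint inventory for exposure to CVE-2026-0247.

Assumptions: each inventory row carries 'host', 'platform', 'agent_version'
and 'endpoint_dlp' fields, and agent versions are dotted numerics ("26.1.3").
"""
FIXED_VERSION = "26.2.1"                # first fixed release per the advisory
AFFECTED_PLATFORMS = {"macos", "windows"}  # platforms the advisory names


def parse_version(v: str) -> tuple:
    """Turn '26.2.1' into (26, 2, 1) so comparison is numeric, not lexical
    ('26.10.0' must sort above '26.2.1'). Short versions are zero-padded."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_vulnerable_version(v: str) -> bool:
    return parse_version(v) < parse_version(FIXED_VERSION)


def classify(row: dict) -> str:
    """'exposed': vulnerable build AND Endpoint DLP enabled (the advisory's
    precondition); 'patch': vulnerable build with DLP off; 'ok' otherwise."""
    if row["platform"].lower() not in AFFECTED_PLATFORMS:
        return "ok"
    if not is_vulnerable_version(row["agent_version"]):
        return "ok"
    return "exposed" if row["endpoint_dlp"] else "patch"


def triage(inventory):
    """Group hostnames by classification so 'exposed' hosts get patched first."""
    buckets = {"exposed": [], "patch": [], "ok": []}
    for row in inventory:
        buckets[classify(row)].append(row["host"])
    return buckets


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    {"host": "mac-01", "platform": "macOS", "agent_version": "26.1.3", "endpoint_dlp": True},
    {"host": "win-02", "platform": "Windows", "agent_version": "26.2.1", "endpoint_dlp": True},
    {"host": "win-03", "platform": "Windows", "agent_version": "26.10.0", "endpoint_dlp": True},
    {"host": "win-04", "platform": "Windows", "agent_version": "25.9", "endpoint_dlp": False},
    {"host": "lnx-05", "platform": "Linux", "agent_version": "26.0.0", "endpoint_dlp": True},
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {hosts}")
```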

Detection coverage (2 rules)

Detect CVE-2026-0247 Exploitation Attempt — Prisma Access Agent DLP Bypass (macOS)

medium

Detects potential exploitation attempts of CVE-2026-0247 on macOS by monitoring for suspicious process executions interacting with Prisma Access Agent Endpoint DLP.

Format: Sigma | Tactics: privilege_escalation | Techniques: T1068 | Log sources: process_creation, macos

Detect CVE-2026-0247 Exploitation Attempt — Prisma Access Agent DLP Bypass (Windows)

medium

Detects potential exploitation attempts of CVE-2026-0247 on Windows by monitoring for suspicious process executions interacting with Prisma Access Agent Endpoint DLP.

Format: Sigma | Tactics: privilege_escalation | Techniques: T1068 | Log sources: process_creation, windows
