{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/prisma-access-agent/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Prisma Access Agent"],"_cs_severities":["medium"],"_cs_tags":["cve-2026-0245","information-disclosure","prisma-access-agent"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003ePalo Alto Networks has disclosed CVE-2026-0245, a set of information disclosure vulnerabilities affecting Prisma Access Agent versions prior to 26.2.1 on macOS and Windows. A local attacker with low privileges could potentially exploit these vulnerabilities to gain access to sensitive configuration data and credentials stored by the agent. The Prisma Access Agent versions running on Linux, Android, ChromeOS, and iOS are not affected. Palo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA local user gains access to a system with a vulnerable version of Prisma Access Agent installed (versions \u0026lt; 26.2.1 on macOS or Windows).\u003c/li\u003e\n\u003cli\u003eThe attacker leverages a low-complexity attack vector to interact with the Prisma Access Agent.\u003c/li\u003e\n\u003cli\u003eDue to insufficient access controls or data protection mechanisms, the attacker is able to access sensitive configuration files or memory regions used by the agent.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully extracts sensitive information, which may include credentials, API keys, or other configuration parameters.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the disclosed data to identify valuable assets or potential attack vectors within the organization\u0026rsquo;s network.\u003c/li\u003e\n\u003cli\u003eThe attacker may use the stolen credentials to impersonate legitimate users or services, gaining unauthorized access to protected resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0245 allows a local attacker to access sensitive configuration data and credentials stored by the Prisma Access Agent. This information could be used to gain unauthorized access to the organization\u0026rsquo;s network or cloud resources, potentially leading to data breaches, service disruptions, or other security incidents.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Prisma Access Agent to version 26.2.1 or later on macOS and Windows systems to remediate CVE-2026-0245.\u003c/li\u003e\n\u003cli\u003eMonitor systems for unauthorized access to Prisma Access Agent configuration files or memory regions.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Prisma Access Agent Configuration Access\u003c/code\u003e to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:08:37Z","date_published":"2026-05-13T16:08:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-prisma-access-info-disclosure/","summary":"CVE-2026-0245 describes multiple information disclosure vulnerabilities in Palo Alto Networks Prisma Access Agent before version 26.2.1 on macOS and Windows, allowing a local user to access sensitive configuration data and credentials.","title":"CVE-2026-0245 Prisma Access Agent Information Disclosure Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-prisma-access-info-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Prisma-Access-Agent","version":"https://jsonfeed.org/version/1.1"}