Improper Cert Validation in Prisma Access Agent iOS Enables MitM
CVE-2026-0277 Published on July 9, 2026

Prisma Access Agent: Improper Certificate Validation on iOS
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.

Vendor Advisory NVD

Timeline

Initial Publication

Weakness Type

Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.


Products Associated with CVE-2026-0277

Want to know whenever a new CVE is published for Palo Alto Networks Prisma Access Agent? stack.watch will email you.

 

Affected Versions

Palo Alto Networks Prisma Access Agent: Palo Alto Networks Prisma Access Agent: