Improper Cert Validation in Prisma Access Agent iOS Enables MitM
CVE-2026-0277 Published on July 9, 2026
Prisma Access Agent: Improper Certificate Validation on iOS
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
Timeline
Initial Publication
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-0277
Want to know whenever a new CVE is published for Palo Alto Networks Prisma Access Agent? stack.watch will email you.
Affected Versions
Palo Alto Networks Prisma Access Agent:- Before 26.2.1 is affected.
- Version All is unaffected.