THU 02 JUL 2026 · GMT EDITION A WHITESTONE INTELLIGENCE PUBLICATION
MARKETS · CYBER · MEMOS · MODELS
DAILY ISSUES26 MAY27 MAY28 MAY29 MAY30 MAY31 MAY01 JUN02 JUN03 JUN04 JUN05 JUN06 JUN07 JUN08 JUN09 JUN10 JUN11 JUN12 JUN13 JUN14 JUN15 JUN16 JUN17 JUN18 JUN19 JUN21 JUN22 JUN23 JUN24 JUN25 JUN26 JUN27 JUN28 JUN29 JUN30 JUN01 JUN02 JUNALL ›
FRONT PAGE / CYBER / CYB-2026-05-13-F1
CYBER · ransomware threat groups · 2026-05-13SCOOP 57

CVE-2026-0246: Prisma Access Agent flaw lets non-admin users escalate to root or SYSTEM (Severity: MEDIUM)

Palo Alto Networks' May 13 advisory for CVE-2026-0246 describes a privilege-management flaw in the Prisma Access Agent that enables a locally authenticated non-administrative user to escalate to root on macOS and Linux, .

·FILED 2026-05-13·1 MIN READ·RE-VERIFIED 2026-07-02 UTC·✓ RE-VERIFIED 2026-07-02

At a glance

  • CVE-2026-0246 lets a locally authenticated non-admin user escalate to root (macOS/Linux) or SYSTEM (Windows) via the Prisma Access Agent, per Palo Alto Networks
  • Prisma Access Agent on iOS, Android and Chrome OS is not affected

VERDICT — CONFIRMED

pipeline-backfill confidence · primary + corroborating sources verified · re-verified 2026-07-02 UTC
CVE-2026-0246: Prisma Access Agent flaw lets non-admin users escalate to root or SYSTEM (S
Photo: Namaste jinx · via Wikimedia Commons · CC BY-SA 4.0

Palo Alto Networks' May 13 advisory for CVE-2026-0246 describes a privilege-management flaw in the Prisma Access Agent that enables a locally authenticated non-administrative user to escalate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, allowing arbitrary code execution and access to sensitive information otherwise reserved for privileged accounts. Per the advisory, the agent on iOS, Android and Chrome OS is not affected. Palo Alto rates the severity MEDIUM.

Key facts on file

  • CVE-2026-0246 lets a locally authenticated non-admin user escalate to root (macOS/Linux) or SYSTEM (Windows) via the Prisma Access Agent, per Palo Alto Networks
  • Prisma Access Agent on iOS, Android and Chrome OS is not affected

PRIMARY SOURCE

Palo Alto Networks — Security Advisories
— (2026-05-13) · fetched at filing · archived at publication
Filed underCVEVULNERABILITY

Sources · two-source rule

Share
Filed by the Cyber desk · verified by the verification desk · re-verified 2026-07-02 · Our standards: the two-source rule ›
CITE THIS FILE — The Dossier Wire · cyb-2026-05-13-f1 · filed 2026-05-13 · https://thedwire.com/wire/cyb-2026-05-13-f1-cve-2026-0246-prisma-access-agent-flaw-lets-non-admin-users.html · Primary and corroborating sources listed above; archived at publication. Republishing & licensing: hello@thedwire.com.
More from Cyber FULL DESK ›
Microsoft's May 2026 Patch Tuesday Fixes ~120+ Flaws With No Zero-Days — Fi
Malwarebytes / Microsoft
CYBER · SCOOP 52

Microsoft's May 2026 Patch Tuesday Fixes ~120+ Flaws With No Zero-Days — First Since June 2024

Microsoft's May 13, 2026 Patch Tuesday addressed a large batch of vulnerabilities with no actively exploited or publicly disclosed zero-days—the first such cycle since June 2024. Tallies varied slightly by source: BleepingComputer and several outlets reported approximately 120 CVEs including 17 critical (with 14 remote-code-execution flaw

✓ verified
READ THE FILE ›
Instructure Pays Ransom After ShinyHunters Breaches Canvas Twice, Claiming 275 M
Inside Higher Ed
CYBER · SCOOP 84

Instructure Pays Ransom After ShinyHunters Breaches Canvas Twice, Claiming 275 Million Records From ~8,800 Schools

Instructure, operator of the Canvas learning-management system, paid a ransom to the extortion group ShinyHunters after two breaches of Canvas within roughly ten days, in what reporting describes as the largest education-sector data incident on record. ShinyHunters claimed to have stolen 3.65 TB of data on approximately 275 million users

✓ verified
READ THE FILE ›
Cyber desk illustration
Generated desk illustration · not a photograph
CYBER · SCOOP 55

Fortinet: FortiClient Windows flaw lets local attacker decrypt a logged-in user's saved VPN password (CVSSv3 2.1)

Fortinet advisory FG-IR-26-129, revised May 12, describes a missing-authorization weakness (CWE-862) in FortiClient for Windows that may allow an authenticated local attacker to decrypt a currently logged-in user's VPN password via an unprotected DLL function. The advisory title ties the issue to a hardcoded encryption key used for saved

✓ verifiednewSOURCE ↗
READ THE FILE ›

The morning wire in your inbox — every brief, primary sources linked, no noise.

Free tier. The Wire — continuous desk briefs · Records archive · Bureau alerts.

Stored to the wire's subscriber list. No spam, unsubscribe any time.