CVE-2026-0246: Prisma Access Agent flaw lets non-admin users escalate to root or SYSTEM (Severity: MEDIUM)
Palo Alto Networks' May 13 advisory for CVE-2026-0246 describes a privilege-management flaw in the Prisma Access Agent that enables a locally authenticated non-administrative user to escalate to root on macOS and Linux, .
At a glance
- CVE-2026-0246 lets a locally authenticated non-admin user escalate to root (macOS/Linux) or SYSTEM (Windows) via the Prisma Access Agent, per Palo Alto Networks
- Prisma Access Agent on iOS, Android and Chrome OS is not affected
VERDICT — CONFIRMED

Palo Alto Networks' May 13 advisory for CVE-2026-0246 describes a privilege-management flaw in the Prisma Access Agent that enables a locally authenticated non-administrative user to escalate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, allowing arbitrary code execution and access to sensitive information otherwise reserved for privileged accounts. Per the advisory, the agent on iOS, Android and Chrome OS is not affected. Palo Alto rates the severity MEDIUM.
Key facts on file
- CVE-2026-0246 lets a locally authenticated non-admin user escalate to root (macOS/Linux) or SYSTEM (Windows) via the Prisma Access Agent, per Palo Alto Networks
- Prisma Access Agent on iOS, Android and Chrome OS is not affected

