Palo Alto Networks Prisma Access Agent Endpoint DLP Authorization Bypass Vulnerabilities
Vulnerability
Multiple authorization bypass vulnerabilities have been identified in the Endpoint DLP component of Prisma Access Agent, affecting versions from 25.0.0 up to, but not including, 26.2.1 on both macOS and Windows. These vulnerabilities allow local attackers to bypass authentication controls and execute privileged operations. The issue arises when Endpoint DLP is enabled: critical functions are missing authentication, which creates an opportunity for privilege abuse.
Impact
Exploitation of these vulnerabilities could lead to unauthorized access to privileged operations, allowing local attackers to manipulate or control aspects of the application or system that are normally restricted.
Remediation
Users can upgrade to version 26.2.1 or later to address these vulnerabilities. Instructions for downloading the latest version can be found on the Palo Alto Networks support site.
