CVE-2026-0236

UNKNOWN 0.0

Prisma Browser: Code Injection Enables Security Controls Bypass

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.

CWE	CWE-94
Vendor	palo alto networks
Product	prisma browser
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for palo alto networks prisma browser

Be the first to know when new unknown vulnerabilities affecting palo alto networks prisma browser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Prisma Browser

0 < 146.16.6.165

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0236

Credits

Cisors