Prisma® Browser
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-0236 | Hig | 0.47 | — | 0.00 | May 13, 2026 | A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser. | |
| CVE-2026-0237 | Hig | 0.47 | — | 0.00 | May 13, 2026 | An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls. | |
| CVE-2026-0235 | Med | 0.38 | — | 0.00 | May 13, 2026 | A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies. |
- risk 0.47cvss —epss 0.00
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.
- risk 0.47cvss —epss 0.00
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
- risk 0.38cvss —epss 0.00
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.