Race Condition Vulnerability in Palo Alto Networks Prisma® Browser Affects User Access Controls
CVE-2026-0235

5.8MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Browser
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0235?

A race condition vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to bypass specific access and data control policies. This flaw could lead to unauthorized access to sensitive data or functionalities within the application, posing significant risks to data integrity and user privacy.

Affected Version(s)

Prisma Browser 0 < 146.16.6.165

References

https://security.paloaltonetworks.com/CVE-2026-0235

vendor-advisory

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group

CVE-2026-0235 Data

JSON