Code Injection Vulnerability in Palo Alto Networks Prisma Browser for macOS
CVE-2026-0236

7.3 HIGH

Key Information:

Vendor
CVE Published: 13 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-0236?

A code injection vulnerability has been identified in Palo Alto Networks' Prisma Browser on macOS. It arises from inadequate restrictions on the browser's AppleScript interface. A locally authenticated, non-admin user can exploit the flaw to send unauthorized commands to the browser through the exposed Apple Event handler, which may lead to unauthorized actions or modifications within the browser.

Affected Version(s)

Prisma Browser: versions earlier than 146.16.6.165

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cisors