Improper Protection of Alternate Path in Palo Alto Networks Prisma® Browser on macOS
CVE-2026-0237

7.3HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Browser
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0237?

There is a vulnerability in Palo Alto Networks' Prisma® Browser for macOS that arises from inadequate protection of an alternate path. This flaw allows a locally authenticated non-administrative user to exploit an exposed communication channel, sending unauthorized commands to the browser. As a result, critical security controls can be bypassed, leading to potential unauthorized actions within the application.

Affected Version(s)

Prisma Browser 0 < 146.16.6.165

References

https://security.paloaltonetworks.com/CVE-2026-0237

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Cisors

CVE-2026-0237 Data

JSON