CVE-2026-0237 HIGH

CVE-2026-0237: Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass

Vendor Palo Alto Networks
Product Prisma Browser
Weakness CWE-424
Published May 13, 2026
Last update May 14, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 14, 2026 Record updated