Vulnerability Details CVE-2026-0237
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 4.6%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-0237
-
cpe:2.3:a:paloaltonetworks:prisma_browser:146.10.7.154
-