Back to search
CVE-2026-0236
Published: May 13, 2026
Modified: May 15, 2026
PUBLISHED
Description
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.
| Vendor | Product | Versions |
|---|---|---|
Palo Alto Networks | Prisma Browser | affected 0 - < 146.16.6.165 |
Weaknesses (CWE)
References
https://security.paloaltonetworks.com/CVE-2026-0236
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now