Race Condition in Prisma Browser Allows Local User to Bypass Policies
CVE-2026-0235 Published on May 13, 2026
Prisma Browser: Access and Data Rule Bypass
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.
Timeline
Initial publication.
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-0235
Want to know whenever a new CVE is published for Palo Alto Networks Prisma Browser? stack.watch will email you.
Affected Versions
Palo Alto Networks Prisma Browser:- Before 146.16.6.165 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.