Palo Alto Networks Prisma Browser Auth CmdInv via AutoBr (CVE-2026-0237)
CVE-2026-0237 Published on May 13, 2026
Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
Timeline
Initial publication.
Weakness Type
Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Affected Versions
Palo Alto Networks Prisma Browser: versions before 146.16.6.165 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.