Description
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
Published: 2026-05-13
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improperly protected alternate path in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non‑admin user to send unauthorized commands through an exposed internal automation bridge. This flaw bypasses the browser's security controls, enabling the execution of commands that should be restricted. The vulnerability is a classic case of improper access control (CWE‑424) and could potentially lead to unauthorized manipulation of browser state or content.

Affected Systems

The affected vendor is Palo Alto Networks, product Prisma Browser running on macOS. All versions prior to 146.16.6.165 are vulnerable, as the official fix recommends upgrading to this release or newer. The issue is not limited to specific configurations, so any installation of older Prisma Browser versions on macOS should be considered impacted.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known public exploits at this time. However, the attacker model requires local system access and normal user authentication, meaning a threat actor with physical or remote access to a user’s machine could exploit the flaw. After exploitation the attacker can issue arbitrary commands to the browser, effectively bypassing security controls.

Generated by OpenCVE AI on May 13, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Prisma Browser to version 146.16.6.165 or newer on the affected macOS system.
  • Disable or restrict the internal automation bridge feature via configuration if the product provides that option.
  • Enforce least‑privilege principles on macOS, ensuring non‑admin users run only the applications they require.

Generated by OpenCVE AI on May 13, 2026 at 19:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
Title Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Browser
Weaknesses CWE-424
CPEs cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Browser
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Browser
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-14T03:56:35.801Z

Reserved: 2025-11-03T20:43:58.032Z

Link: CVE-2026-0237

cve-icon Vulnrichment

Updated: 2026-05-13T18:23:51.231Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T18:16:12.990

Modified: 2026-05-13T18:17:47.830

Link: CVE-2026-0237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T19:30:03Z

Weaknesses