Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Primary rating from Vendor (palo_alto) · only source for this CVE.
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
5DescriptionCVE.org
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.
AnalysisAI
Local code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed AppleScript/Apple Event handler to send unauthorized commands to the browser, with high impact on confidentiality and integrity. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but SSVC rates the technical impact as total once the local foothold exists. Affects all Prisma Browser releases prior to 146.16.6.165 on macOS.
Technical ContextAI
Prisma Browser is Palo Alto Networks' enterprise/SASE browser built on a Chromium base, packaged as a macOS application. On macOS, applications can expose scripting interfaces via the AppleScript / Apple Events IPC mechanism, normally gated by entitlements (com.apple.security.scripting-targets, NSAppleEventsUsageDescription) and access control prompts under TCC. CWE-94 (Improper Control of Generation of Code, a.k.a. Code Injection) applies here because the Prisma Browser application registers an Apple Event handler that does not properly restrict who can dispatch scripting commands, so a local process running as another non-admin user on the same Mac can craft Apple Events that the browser executes as if they were legitimate scripted automation. The exact affected component per CPE is cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*, and EUVD records the fixed boundary at version 146.16.6.165.
RemediationAI
Vendor-released patch: upgrade Prisma Browser on macOS to version 146.16.6.165 or later, as published in the Palo Alto Networks advisory at https://security.paloaltonetworks.com/CVE-2026-0236. For fleets that cannot immediately update, compensating controls on macOS include restricting which processes can send Apple Events to Prisma Browser via TCC / Privacy & Security → Automation policy (managed via MDM PPPC profiles), denying automation control of Prisma Browser to untrusted apps; this has the side effect of breaking legitimate user automation and admin scripts that target the browser. On multi-user Macs, limit local logon to trusted accounts and avoid shared sessions, since the attack requires a local non-admin foothold. Do not rely on standard-user privilege separation alone - the whole point of this CVE is that non-admin scope is sufficient.
More in Prisma Browser
View allLocal privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user t
Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access a
Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with a
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30089
GHSA-jf7x-wmp8-3g54