Skip to main content

Prisma Browser CVE-2026-0275

| EUVDEUVD-2026-42691 LOW
Improper Privilege Management (CWE-269)
2026-07-09 palo_alto GHSA-vhc2-hf7g-64gj
2.0
CVSS 4.0 · Vendor: palo_alto

Severity by source

Vendor (palo_alto) PRIMARY
2.0 LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
vuln.today AI
6.3 MEDIUM

Local access, high privileges, and user interaction required per CVSS 4.0 AT:P/UI:A; AC:H reflects specific filesystem and attack prerequisite conditions; no scope change as SC:N/SI:N/SA:N confirmed.

3.1 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (palo_alto).

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 21:01 EUVD
Analysis Generated
Jul 09, 2026 - 20:27 vuln.today

DescriptionCVE.org

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges.

This issue only affects Prisma® Browser on macOS.

AnalysisAI

Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local admin credentials
Delivery
Access Prisma Browser on macOS
Exploit
Trigger privileged operation via abuse of IPC or helper tool
Execution
Execute arbitrary actions as root
Impact
Compromise macOS system integrity

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following to be true simultaneously: (1) the target system is running macOS - the vulnerability does not affect any other platform; (2) the attacker holds a locally authenticated administrator account on that macOS system (PR:H); (3) the attacker has access to the macOS local filesystem; and (4) some form of active user interaction occurs (UI:A per CVSS 4.0), meaning the exploit cannot be triggered purely programmatically without some participatory action. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.0 is notably low, driven by the convergence of multiple restrictive metrics: AV:L (requires local system access), PR:H (requires locally authenticated administrator), UI:A (requires active user interaction), and AT:P (specific attack prerequisites beyond attacker control). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider or attacker who has already compromised a macOS endpoint and obtained local administrator credentials interacts with Prisma Browser in a specific manner - potentially abusing a privileged helper tool or IPC interface - causing the application to execute an action as root. This root-level execution could be leveraged to modify system files, install persistent malware, or extract credentials from protected macOS keychain storage. …
Remediation The primary remediation is to apply the vendor-released patch once confirmed available via the Palo Alto Networks advisory at https://security.paloaltonetworks.com/CVE-2026-0275 - no exact fixed version number is independently confirmed in the current data, so organizations should monitor that advisory directly. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-0275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy