Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Local access, high privileges, and user interaction required per CVSS 4.0 AT:P/UI:A; AC:H reflects specific filesystem and attack prerequisite conditions; no scope change as SC:N/SI:N/SA:N confirmed.
Primary rating from Vendor (palo_alto).
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
2DescriptionCVE.org
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges.
This issue only affects Prisma® Browser on macOS.
AnalysisAI
Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all of the following to be true simultaneously: (1) the target system is running macOS - the vulnerability does not affect any other platform; (2) the attacker holds a locally authenticated administrator account on that macOS system (PR:H); (3) the attacker has access to the macOS local filesystem; and (4) some form of active user interaction occurs (UI:A per CVSS 4.0), meaning the exploit cannot be triggered purely programmatically without some participatory action. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.0 is notably low, driven by the convergence of multiple restrictive metrics: AV:L (requires local system access), PR:H (requires locally authenticated administrator), UI:A (requires active user interaction), and AT:P (specific attack prerequisites beyond attacker control). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious insider or attacker who has already compromised a macOS endpoint and obtained local administrator credentials interacts with Prisma Browser in a specific manner - potentially abusing a privileged helper tool or IPC interface - causing the application to execute an action as root. This root-level execution could be leveraged to modify system files, install persistent malware, or extract credentials from protected macOS keychain storage. … |
| Remediation | The primary remediation is to apply the vendor-released patch once confirmed available via the Palo Alto Networks advisory at https://security.paloaltonetworks.com/CVE-2026-0275 - no exact fixed version number is independently confirmed in the current data, so organizations should monitor that advisory directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Prisma Browser
View allLocal code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed
Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user t
Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access a
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42691
GHSA-vhc2-hf7g-64gj