RCE in Palo Alto Networks Prisma Browser

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to se…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.