Palo Alto Networks Prisma Browser Code Injection Vulnerability via AppleScript Interface on macOS
Vulnerability
A code injection vulnerability exists in Palo Alto Networks Prisma Browser for macOS. The browser's AppleScript interface does not properly restrict access, so a locally authenticated non-admin user can use the exposed Apple Event handler to send unauthorized commands to the browser.
Impact
Exploitation of this vulnerability allows for code injection, where unauthorized commands can be sent to the browser via AppleScript.
Added: May 13, 2026, 7:44 PM
Updated: May 13, 2026, 7:44 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 2.9
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 5.7
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
