UnratedPalo Alto Networks Exploited CISA KEV
race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user t…
CVE-2026-0235 Published May 13, 2026Updated by vendor Jun 17, 2026
CVE-2026-0235CVE-2026-0235146CVE-2026-0236CVE-2026-0236146CVE-2026-0237CVE-2026-0237146CVE-2026-4439CVE-2026-4439146CVE-2026-4440CVE-2026-4440146CVE-2026-4441CVE-2026-4441146CVE-2026-4442CVE-2026-4442146CVE-2026-4443CVE-2026-4443146CVE-2026-4444CVE-2026-4444146CVE-2026-4445CVE-2026-4445146CVE-2026-4446CVE-2026-4446146CVE-2026-4447CVE-2026-4447146CVE-2026-4448CVE-2026-4448146CVE-2026-4449CVE-2026-4449146CVE-2026-4450CVE-2026-4450146CVE-2026-4451CVE-2026-4451146CVE-2026-4452CVE-2026-4452146CVE-2026-4453CVE-2026-4453146CVE-2026-4454CVE-2026-4454146CVE-2026-4455CVE-2026-4455146CVE-2026-4456CVE-2026-4456146CVE-2026-4457CVE-2026-4457146CVE-2026-4458CVE-2026-4458146CVE-2026-4459CVE-2026-4459146CVE-2026-4460CVE-2026-4460146CVE-2026-4461CVE-2026-4461146CVE-2026-4462CVE-2026-4462146CVE-2026-4463CVE-2026-4463146CVE-2026-4464CVE-2026-4464146CVE-2026-4673CVE-2026-4673146CVE-2026-4674CVE-2026-4674146CVE-2026-4675CVE-2026-4675146CVE-2026-4676CVE-2026-4676146CVE-2026-4677CVE-2026-4677146CVE-2026-4678CVE-2026-4678146CVE-2026-4679CVE-2026-4679146CVE-2026-4680CVE-2026-4680146CVE-2026-5272CVE-2026-5272146CVE-2026-5273CVE-2026-5273146CVE-2026-5274CVE-2026-5274146CVE-2026-5275CVE-2026-5275146CVE-2026-5276CVE-2026-5276146CVE-2026-5277CVE-2026-5277146CVE-2026-5278CVE-2026-5278146CVE-2026-5279CVE-2026-5279146CVE-2026-5280CVE-2026-5280146CVE-2026-5281CVE-2026-5281146CVE-2026-5282CVE-2026-5282146CVE-2026-5283CVE-2026-5283146CVE-2026-5284CVE-2026-5284146CVE-2026-5285CVE-2026-5285146CVE-2026-5286CVE-2026-5286146CVE-2026-5287CVE-2026-5287146CVE-2026-5288CVE-2026-5288146CVE-2026-5289CVE-2026-5289146CVE-2026-5290CVE-2026-5290146CVE-2026-5291CVE-2026-5291146CVE-2026-5292CVE-2026-5292146CVE-2026-5876CVE-2026-5876147CVE-2026-5881CVE-2026-5881147CVE-2026-5884CVE-2026-5884147CVE-2026-5886CVE-2026-5886147CVE-2026-5893CVE-2026-5893147CVE-2026-5909CVE-2026-5909147CVE-2026-5914CVE-2026-5914147CVE-2026-5919CVE-2026-5919147CVE-2026-6305CVE-2026-6305147CVE-2026-6361CVE-2026-6361147CVE-2026-6921CVE-2026-6921147CVE-2026-7343CVE-2026-7343147CVE-2026-7359CVE-2026-7359147CVE-2026-7361CVE-2026-7361147CVE-2026-7363CVE-2026-7363147CVE-2026-7981CVE-2026-7981148CVE-2026-8018CVE-2026-8018148CVE-2026-8022CVE-2026-8022148
Affected products & platforms
Palo Alto NetworksPrisma Access
Summary
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.
CISA Known Exploited Vulnerability
- Listed:
- Apr 1, 2026 · federal remediation due Apr 15, 2026
- Required action:
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
Affected versions
- Prisma Browser: < 146.10.7.154
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Fixed versions
- Prisma Browser: >= 148.6.3.96
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to a fixed release: Prisma Browser: >= 148.6.3.96.
Temporary workarounds
- No known workarounds exist for this issue.
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.