Palo Alto Networks Prisma Browser (PB) - Bypassing security controls via race condition

CVE ID

CVE-2026-0235

Description

A race condition vulnerability in Palo Alto Networks Prisma Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.

Tested Versions

144.6.10.59

Details

Palo Alto Networks Prisma Browser (PB) is an enterprise browser that has emerged as a critical security control for organisations seeking to protect sensitive data and enforce security policies in cloud-first environments.

Timeline

  • 2026-03-11 - Vendor Disclosure
  • 2026-05-13 - Vendor Patched
  • 2026-05-13 - Public Release

Credit

Discovered by Stan Leow from Assurity Trusted Solutions and Tan Inn Fung, Zhang Bosen and Sean Seah from the GovTech Cybersecurity Group.