CVE-2026-0235
CVE-2026-0235 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.8)
- EPSS exploit prediction: 0% (7th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-30087
- Weakness: CWE-754
- Published:
- Last modified:
Description
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.
Frequently asked questions
- What is CVE-2026-0235?
- A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.
- How severe is CVE-2026-0235?
- CVE-2026-0235 has a CVSS 4.0 base score of 5.8, rated medium severity.
- Is CVE-2026-0235 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-0235?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-0235 have an EU (EUVD) identifier?
- Yes. CVE-2026-0235 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-30087.
- When was CVE-2026-0235 published?
- CVE-2026-0235 was published on 2026-05-13 and last updated on 2026-06-17.
References
Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities
- CVE-2026-24054 — Critical (CVSS 10.0): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs)…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2026-8091 — Critical (CVSS 9.8): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150,…
- CVE-2024-52316 — Critical (CVSS 9.8): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta…
- CVE-2024-7826 — Critical (CVSS 9.8): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows,…
- CVE-2023-37303 — Critical (CVSS 9.8): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to…
Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →