๐Ÿ” CVE Alert

CVE-2026-12374

UNKNOWN 0.0

Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation.

CWE: CWE-295, CWE-367
Vendor: cato networks
Product: sdp client
Published: Jul 1, 2026
Last Updated: Jul 1, 2026

Affected Versions

Cato Networks / SDP Client
5.12.0 < 5.13.1

References

NVD, CVE.org, EPSS Data
support.catonetworks.com: https://support.catonetworks.com/hc/en-us/articles/37284626576413-Security-Vulnerability-CVE-2026-12374-that-Impacts-macOS-Client-Versions-Lower-than-5-13-1