CVE-2026-12374
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk0th percentile — higher than 0% of all known CVEs
Summary
A vulnerability in the PrivilegedHelperTool XPC service in Cato Client before version 5.13.1 on macOS is caused by improper certificate validation and a TOCTOU race condition. This allows a local authenticated attacker to escalate privileges to root using a self-signed certificate and a symlink swap during package installation.
Risk Assessment
The organization faces the risk of a local user gaining full system control, potentially leading to unauthorized access to sensitive data, malware installation, or permanent system compromise.
Recommendation
Immediately update Cato Client to version 5.13.1 or later. Restrict local access to macOS systems to trusted users only.
Original NVD description (English source)
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation.

