PT-2026-41760 · Mullvad · Mullvad Vpn

Swayzgl1Tzyyy

·

Published

2026-05-19

·

Updated

2026-07-11

·

CVE-2026-32323

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mullvad VPN versions prior to 2026.2-beta1
Description Mullvad VPN on macOS may allow local privilege escalation during installation or upgrade. The installer package executes binaries from '/Applications/Mullvad VPN.app' without verifying if the bundle is attacker-controlled or if the path is the legitimate application. A user in the admin group can pre-place a crafted application bundle at that location to achieve code execution as root.
Recommendations Update to version 2026.2-beta1.

Exploit

Fix

LPE

Insufficient Verification of Data Authenticity

Uncontrolled Search Path Element

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-32323
GHSA-C2G6-W5FQ-VW3M

Affected Products

Mullvad Vpn