PT-2026-54619 · Cato Networks · Sdp Client
Published
2026-07-01
·
Updated
2026-07-09
·
CVE-2026-12374
CVSS v4.0
6.4
Medium
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:C/RE:L/U:Amber |
Name of the Vulnerable Software and Affected Versions
Cato Client versions prior to 5.13.1
Description
The PrivilegedHelperTool XPC service on macOS contains improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition. A TOCTOU race condition occurs when a program checks the state of a resource and then acts on that resource, but the state changes between the check and the action. This allows a local authenticated attacker to escalate privileges to root by using a self-signed certificate to bypass XPC caller verification and performing a symlink swap during package installation.
Recommendations
Update Cato Client to version 5.13.1 or later.
Fix
LPE
Time Of Check To Time Of Use
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sdp Client