Vulnerability in Cato Networks Sdp Client
CVE-2026-12374
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root vi…
Vulnerability class: Improper Certificate Validation
Affected products
- Cato Networks Sdp Client — versions 5.12.0