Vulnerability in Cato Networks Sdp Client

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root vi…

Vulnerability class: Improper Certificate Validation

Affected products

Weakness classification (CWE)

References