CVE-2026-12374
Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool
Description
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before 5.13.1 on macOS allow a local authenticated attacker to escalate privileges to root via (1) a self-signed certificate that bypasses the XPC caller verification and (2) a symlink swap during package installation.
INFO
Published Date :
July 1, 2026, 2:07 p.m.
Last Modified :
July 1, 2026, 2:07 p.m.
Remotely Exploitable :
No
Source :
Cato
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 4.0 | MEDIUM | | | | 2505284f-8ffb-486c-bf60-e19c1097a90b |
Solution
- Update Cato Client to version 5.13.1 or later.
- Apply vendor-provided patches for macOS.
- For developers of privileged helper tools: verify the XPC peer's code signature against a requirement anchored to Apple's CA and the vendor's Team ID (identify the peer by audit token or the libxpc peer-requirement API, never by PID or by the mere presence of a certificate), and perform installation file operations through descriptors opened with O_NOFOLLOW in directories the local user cannot write, rather than re-resolving an attacker-controlled path after checking it.
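The two defects the advisory names, as an added example that is not Cato's code: the check-then-use sequence a privileged installer might run on a package file, beside a hardened form that opens once with O_NOFOLLOW and validates the descriptor it holds, plus, compiled only on macOS, the public libxpc call (macOS 12 and later) that pins an XPC peer to a code-signing requirement. The Team ID in the requirement string, the file names and the temp-directory scenario are assumptions for illustration. The caveat on self-signed certificates is general to requirement strings that lack an `anchor apple generic` clause and is not a statement about how Cato's check was written.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifdef __APPLE__
#include <xpc/xpc.h>
/* Placeholder Team ID (assumption, not Cato's). A requirement without
 * "anchor apple generic" (say, one matching only subject.CN) is satisfied by
 * a self-signed certificate carrying the same name. */
#define HELPER_PEER_REQUIREMENT \
    "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID0000\""

/* Apply to each incoming peer in the listener's event handler, before
 * resuming it (macOS 12+). libxpc then drops messages from peers whose code
 * signature does not satisfy the requirement; no PID-based lookup needed. */
static bool pin_peer(xpc_connection_t peer) {
    return xpc_connection_set_peer_code_signing_requirement(
               peer, HELPER_PEER_REQUIREMENT) == 0;
}
#endif

/* --- Vulnerable pattern: check the path, then use the path --- */

/* Time of check: refuse unless the path is currently a regular file. */
bool path_looks_safe(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Time of use: open() follows whatever the path resolves to *now*. If the
 * file was swapped for a symlink in between, root writes into its target. */
int write_through_path(const char *path, const char *data, size_t n) {
    int fd = open(path, O_WRONLY | O_TRUNC);
    if (fd < 0) return -1;
    ssize_t w = write(fd, data, n);
    close(fd);
    return w == (ssize_t)n ? 0 : -1;
}

/* --- Hardened form: no separate check; open once with O_NOFOLLOW and
 * validate the descriptor you hold. O_NOFOLLOW covers only the final path
 * component, so the parent directory must be one the local user cannot
 * write (root-owned, 0755) or be reached by openat() from a trusted fd. --- */
int write_install_file(const char *path, const char *data, size_t n) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                  /* ELOOP: a symlink was in the way */
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);                          /* wrong type, owner, or extra hard link */
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) < 0) { close(fd); return -1; }
    ssize_t w = write(fd, data, n);
    close(fd);
    return w == (ssize_t)n ? 0 : -1;
}

/* Constructed scenario in a fresh temp dir: "secret" stands in for a
 * root-owned target, "pkgfile" for the file the installer writes. Returns 1
 * when the hardened call works on the real file, the vulnerable sequence
 * then overwrites "secret" through the swapped symlink, and the hardened
 * call refuses the swapped path with ELOOP; 0 otherwise; -1 on setup error. */
int demo_symlink_swap(void) {
    char dir[] = "/tmp/helper-toctou-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char pkg[256], secret[256], buf[64] = {0};
    snprintf(pkg, sizeof pkg, "%s/pkgfile", dir);
    snprintf(secret, sizeof secret, "%s/secret", dir);
    int fd = open(secret, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "original", 8) != 8) return -1;
    close(fd);
    if ((fd = open(pkg, O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);

    bool legit = write_install_file(pkg, "staged", 6) == 0; /* regular file: ok */
    bool checked = path_looks_safe(pkg);       /* time of check passes */
    unlink(pkg);                               /* attacker swaps in a symlink */
    if (symlink("secret", pkg) < 0) return -1;
    bool vuln = write_through_path(pkg, "payload", 7) == 0;  /* time of use */
    fd = open(secret, O_RDONLY);
    ssize_t r = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    bool overwritten = r == 7 && memcmp(buf, "payload", 7) == 0;
    bool refused = write_install_file(pkg, "payload2", 8) == -1 && errno == ELOOP;

    unlink(pkg); unlink(secret); rmdir(dir);
    return (legit && checked && vuln && overwritten && refused) ? 1 : 0;
}

int main(void) {
    int r = demo_symlink_swap();
    printf("symlink swap demo: %s\n",
           r == 1 ? "vulnerable write landed in target, hardened write refused"
                  : "unexpected result");
    return r == 1 ? 0 : 1;
}
```

The demo performs the swap deterministically between the check and the use; in a real attack the local user races the helper with a loop of rename() calls. The hardened variant needs no such window because the only decision it makes is on the object it has already opened.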