CVE-2026-32323 Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...

Mullvad VPN desktop and mobile app 安全漏洞

The Mullvad VPN desktop and mobile app is an open-source VPN client application developed by Mullvad VPN. Versions of the Mullvad VPN desktop and mobile app prior to 2026.1 contained a security vulnerability. This vulnerability stemmed from the installer’s failure to verify the validity of the...

Mullvad 安全漏洞

Mullvad is a commercial VPN service from Mullvad, Inc. A security vulnerability exists in Mullvad that stems from the possibility that the exception handling standby stack may be exhausted, resulting in heap-based out-of-bounds writes...

gratient 0.5 contains credential harvesting code

gratient is a user-facing library for generating color gradients of text.Version 0.5 contained obfuscated, malicious code targetingWindows platforms, harvesting information and credentials from theuser's system and sending them to a remote server.Services may include Mullvad VPN and Telegram...