45 matches found
CVE-2026-32323
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...
CVE-2026-32323 Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...
CVE-2026-32323 Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...
CVE-2026-32323
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...
CVE-2026-32323
CVE-2026-32323 : Mullvad VPN for macOS versions 2026.1 and earlier are affected by a local privilege escalation in the installer. The installer executes binaries from /Applications/Mullvad VPN.app without verifying that the bundle is attacker-controlled or legitimate, allowing a user in the admin...
Mullvad VPN desktop and mobile app 安全漏洞
The Mullvad VPN desktop and mobile app is an open-source VPN client application developed by Mullvad VPN. Versions of the Mullvad VPN desktop and mobile app prior to 2026.1 contained a security vulnerability. This vulnerability stemmed from the installer’s failure to verify the validity of the...
CVE-2023-50446
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM...
CVE-2024-34446
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state after a hard failure to create a tunnel, and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of...
EUVD-2024-52840
Malicious code in bioql PyPI...
PT-2025-91: Local Privilege Escalation in Mullvad VPN
The vulnerability was identified in Mullvad VPN, version 2025.4. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 24.06.2025 Recommendations: Update to version 2025.7 or...
The vulnerability of the Mullvad VPN client, related to deficiencies in access control, allows attackers to enhance their privileges.
The vulnerability of the Mullvad VPN client is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2024-55884
In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...
The vulnerability of the enable function in Mullvad’s VPN client allows a hacker to trigger a service failure.
The vulnerability of the enable function in Mullvad’s VPN client involves an escape from the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2024-55884
In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...
CVE-2024-55884
In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...
Mullvad 安全漏洞
Mullvad is a commercial VPN service from Mullvad, Inc. A security vulnerability exists in Mullvad that stems from the possibility that the exception handling standby stack may be exhausted, resulting in heap-based out-of-bounds writes...
CVE-2024-55884
In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...
CVE-2024-55884
In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...
CVE-2024-55884
Mullvad VPN client vulnerability CVE-2024-55884 affects 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android). The issue is an exhaustion of the exception-handling alternate stack that causes heap-based out-of-bounds writes in enable() within exception_logging/unix.rs (MLLVD-CR-24-01). The d...
PT-2024-10150 · Mullvad · Mullvad Vpn Client
Name of the Vulnerable Software and Affected Versions: Mullvad VPN client versions 2024.6 Desktop through 2024.8 iOS Mullvad VPN client version 2024.8-beta1 Android Description: The exception-handling alternate stack in the Mullvad VPN client can be exhausted, leading to heap-based out-of-bounds...