What is the CVSS score of CVE-2026-32323?

CVE-2026-32323 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mullvad VPN are affected by CVE-2026-32323?

Mullvad VPN for macOS versions 2026.1 and earlier contain a local privilege escalation vulnerability that permits admin-group users to execute arbitrary code as root during installation or upgrade.. A patch is available.

Mullvad VPN CVE-2026-32323

EUVD-2026-30818 HIGH

Uncontrolled Search Path Element (CWE-427)

2026-05-19 GitHub_M

Privilege Escalation RCE Apple

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 19, 2026 - 02:01 EUVD

Source Code Evidence Fetched

May 19, 2026 - 01:43 vuln.today

Analysis Generated

May 19, 2026 - 01:43 vuln.today

DescriptionNVD

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is attacker-controlled or that the path is the legitimate Mullvad application. A user in the admin group can pre-place a crafted application bundle at that location and may be able to achieve code execution as root. Since the issue only affected the installer, there is no immediate need for users to update if they are already running an older version. This issue has been fixed in version 2026.2-beta1.

AnalysisAI

Local privilege escalation in Mullvad VPN for macOS versions 2026.1 and earlier allows a user in the admin group to gain root code execution during installation or upgrade. The installer's preinstall script executes binaries from /Applications/Mullvad VPN.app without verifying the bundle's integrity, enabling an admin-group attacker to pre-stage a malicious app bundle that runs as root. …

RemediationAI

Within 24 hours: Inventory all macOS systems running Mullvad VPN 2026.1 or earlier; restrict installer execution to named trusted administrators and implement supervisor approval for all VPN updates. Within 7 days: Disable automatic updates for Mullvad VPN pending patch release; deploy file integrity monitoring for /Applications/Mullvad VPN.app. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47114 HIGH This Week POC

8.6 May 21

Arbitrary command execution in IINA media player for macOS versions prior to 1.4.3 allows remote attackers to run shell

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-5817 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock

CVE-2026-5843 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape

CVE-2025-43306 HIGH This Week

7.8 May 26

Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root

CVE-2026-32323 vulnerability details – vuln.today

Back

Mullvad VPN CVE-2026-32323

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code