CVE-2026-32323

Mullvad · VPN

An unspecified vulnerability exists within the Mullvad VPN client, potentially impacting the security of the application on desktop and mobile platforms.

Executive summary

The Mullvad VPN client is subject to a security vulnerability that may compromise the integrity or confidentiality of the VPN connection.

Vulnerability

The vulnerability is currently undefined in scope and nature. The authentication requirements remain unknown, and further technical disclosure is required to assess the specific attack vector.

Business impact

A CVSS score of 7.3 indicates a High severity risk. Successful exploitation could potentially allow an attacker to intercept traffic or bypass VPN security controls, leading to a loss of privacy or unauthorized network access for users relying on the client.

Remediation

Immediate Action: Check the official Mullvad website for the latest software version and apply updates across all desktop and mobile installations immediately.

Proactive Monitoring: Review VPN connectivity logs for signs of unexpected session terminations or unauthorized connection attempts.

Compensating Controls: If an update is not immediately available, consider temporarily utilizing alternative secure tunnels or disabling the client if the risk of exposure outweighs the requirement for the VPN.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Users and administrators should monitor official vendor channels for security patches regarding this client. Due to the critical nature of VPN software as a security control, maintaining the latest version is imperative to ensure the confidentiality of network traffic.