CVE-2026-32323, published May 19, identifies a local privilege escalation vulnerability in the Mullvad VPN macOS installer scored at CVSS 7.3. Exploitation requires local access to the target machine and is most relevant in shared or managed macOS environments where multiple users operate under separate privilege levels. Mullvad VPN is a widely-used privacy-focused VPN client common in developer and security-conscious user environments. A local attacker or malicious process with user-level access could leverage this flaw to gain elevated system privileges during or after installation. Users and MDM administrators managing macOS fleets should check for a patched installer from Mullvad and re-deploy if an updated version becomes available.