The Mullvad Blog

The third party security audit of the Mullvad VPN app has concluded that the app has a high security level. Some non-critical issues were found, and have been fixed to the extent possible. Read more

The TestFlight beta release of our iOS app, 2024.4 (1), has a bug that can lead to traffic leaks when connecting if you have quantum-resistant tunnels enabled (disabled by default). Read more

We evaluated the impact of the latest TunnelVision attack (CVE-2024-3661) and have found it to be very similar to TunnelCrack LocalNet (CVE-2023-36672 and CVE-2023-35838). Read more

Vulnerabilities in some implementations of Kyber, the quantum-resistant key encapsulation mechanism, were recently disclosed. Mullvad’s quantum-resistant tunnels are not affected by this vulnerability, nor any vulnerability of the same kind. Read more

We tasked the Netherlands based security firm Radically Open Security (RoS) with performing the third audit towards our VPN infrastructure. Read more

Assured AB were contracted to perform a security assessment of our new Leta search service between 2023-03-27 and 2023-03-31. Read more

Assured AB were contracted to perform a security assessment of our account and payment services between 2022-11-07 and 2022-11-29. Read more

A security assessment of the Mullvad VPN apps has concluded that the app is well-architected from a security perspective. Some issues were found, and they have been fixed to the extent possible. Read more

We are now running our own self-hosted authoritative DNS servers which we have spread around the world for redundancy, trust and performance. Read more