Cato Client

by Cato Networksv6.4.6.8830

Last updated Jun 8, 2026

Secure your network, devices and identify and support your users.

Install with winget

$ winget install --id CatoNetworks.CatoClient --exact --version 6.4.6.8830

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Cato Client

Cato Client uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i setup.msi /quiet /norestart

See the full silent install reference for Cato Client →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v6.4.6.8830

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

7 known CVEs via NVD

high8.1Patched in wingetCVE-2025-3886affects before 5.8.0Apr 27, 2025
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.
Vendor advisory
medium5.6Patched in wingetCVE-2024-6978affects before 5.10.34Jul 31, 2024
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
Vendor advisory
medium6.5Patched in wingetCVE-2024-6977affects <=5.10.34Jul 31, 2024
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue a...
Vendor advisory
high8.8Patched in wingetCVE-2024-6975affects before 5.10.34Jul 31, 2024
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
Vendor advisory
high8.8Patched in wingetCVE-2024-6974affects before 5.10.34Jul 31, 2024
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
Vendor advisory
high7.5Patched in wingetCVE-2024-6973affects before 5.10.34Jul 31, 2024
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
Vendor advisory
high8.1Patched in wingetCVE-2023-43976affects before 5.4.0Oct 3, 2023
An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.

Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

KaringSupernova Nebula LLC
KaringX.Karingv1.2.19+2209
A singbox GUI based on flutter.
Zapret 2loop-uh
loop-uh.Zapret2v21.0.0.6
Bypassing Discord and YouTube blocks
Cloudflare One ClientCloudflare, Inc.
Cloudflare.Warpv26.4.1390.0
1.1.1.1 with WARP replaces the connection between your device and the Internet with a modern, optimized, protocol.
spacedesk Windows DRIVERdatronicsoft Inc.
Datronicsoft.SpacedeskDriver.Serverv2.2.22.0
Spacedesk Driver Software for Windows PRIMARY PC (server) runs only with Windows 11 and Windows 10
Koala ClashKoala Clash
coolcoala.KoalaClashv1.3.1
A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience
Clash VergeClash Verge Rev
ClashVergeRev.ClashVergeRevv2.5.1
基于 Tauri 的 Clash Meta GUI

More from Cato Networks or browse network, vpn.

Frequently asked questions

How do I install Cato Client on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id CatoNetworks.CatoClient --exact --version 6.4.6.8830. winget downloads the installer from Cato Networks and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Cato Client silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id CatoNetworks.CatoClient --exact 6.4.6.8830 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Cato Client?

Cato Client uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i setup.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Cato Client via winget?

Run: winget uninstall --id CatoNetworks.CatoClient --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Cato Client's Apps & Features entry.

Is Cato Client free?

Cato Client is distributed under Proprietary. Refer to the publisher (https://clientdownload.catonetworks.com/) for the full license terms - Wingetly itself does not charge for installation.

Does Cato Client work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Cato Client directly from the publisher.

How do I keep Cato Client up to date?

Run winget upgrade --id CatoNetworks.CatoClient --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Cato Client from microsoft/winget-pkgs.

Recent versions

6.4.6.8830latest
6.2.0.8682
6.0.1.8602
5.21.5.8548
5.20.4.8411
5.18.5.8316
5.17.3.8252
5.16.4.8144
5.15.6.8118
5.14.5.5557