High severity7.5NVD Advisory· Published Apr 2, 2026· Updated Apr 3, 2026

CVE-2026-30332

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

Affected products

Balena Io/Etcherreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/balena-io/etcher/issues/4500nvd
www.balena.io/securitynvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000