VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 4 of 55
  • CVE-2026-34334HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-7432HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

  • CVE-2026-32165HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32164HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32163HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32160HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32159HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32158HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32153HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32090HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32089HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27927HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27918HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27911HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26181HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26172HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26168HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20930HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-23239HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths…

  • CVE-2026-23169HigFeb 14, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in…