VYPR

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

BaseIncompleteLikelihood: Medium

Description

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-27 · CAPEC-29

CVEs mapped to this weakness (249)

page 1 of 13
  • CVE-2025-64180CriNov 7, 2025
    risk 0.65cvss 10.0epss 0.00

    Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check…

  • CVE-2025-34027CriMay 21, 2025
    risk 0.65cvss epss 0.35

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU)…

  • CVE-2026-37531CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.01

    AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot…

  • CVE-2026-20677CriFeb 11, 2026
    risk 0.59cvss 9.0epss 0.00

    A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions.

  • CVE-2026-53838CriJun 12, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing…

  • CVE-2026-44112CriMay 6, 2026
    risk 0.56cvss 9.6epss 0.02

    OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox…

  • CVE-2024-53694HigMar 7, 2025
    risk 0.56cvss epss 0.00

    A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already…

  • CVE-2026-24067HigJun 10, 2026
    risk 0.55cvss 8.4epss 0.00

    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's…

  • CVE-2026-26224HigFeb 12, 2026
    risk 0.55cvss epss 0.00

    Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without…

  • CVE-2025-34290HigDec 20, 2025
    risk 0.55cvss epss 0.00

    Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations…

  • CVE-2025-3464HigJun 16, 2025
    risk 0.55cvss epss 0.01

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2013-3888HigOct 9, 2013
    risk 0.55cvss 8.4epss 0.01

    dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."

  • CVE-2017-0412HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2017-0411HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2026-24065HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process…

  • CVE-2026-6180HigMay 5, 2026
    risk 0.53cvss 8.1epss 0.00

    A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence…

  • CVE-2025-27812HigApr 10, 2025
    risk 0.53cvss 8.1epss 0.00

    MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.

  • CVE-2024-3292HigMay 17, 2024
    risk 0.53cvss 8.2epss 0.00

    A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292

  • CVE-2024-3290HigMay 17, 2024
    risk 0.53cvss 8.2epss 0.00

    A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

  • CVE-2026-44694CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API…