VYPR

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

BaseIncompleteLikelihood: Medium

Description

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-27 · CAPEC-29

CVEs mapped to this weakness (249)

page 3 of 13
  • CVE-2026-53806HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation,…

  • CVE-2026-41651HigApr 22, 2026
    risk 0.50cvss 8.8epss 0.00

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on…

  • CVE-2026-30332HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

  • CVE-2025-20082HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access.

  • CVE-2024-41917HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-5803HigOct 3, 2024
    risk 0.49cvss 7.5epss 0.00

    The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled.

  • CVE-2024-39894HigJul 2, 2024
    risk 0.49cvss 7.5epss 0.02

    OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

  • CVE-2026-50631HigJun 12, 2026
    risk 0.48cvss 7.4epss 0.00

    A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by…

  • CVE-2025-64390HigJun 2, 2026
    risk 0.48cvss 7.4epss 0.00

    A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.

  • CVE-2026-34354HigMay 8, 2026
    risk 0.48cvss 7.4epss 0.00

    Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU…

  • CVE-2024-29149HigMay 7, 2024
    risk 0.48cvss 7.4epss 0.00

    An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image…

  • CVE-2026-53831HigJun 12, 2026
    risk 0.47cvss 8.3epss 0.00

    OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read…

  • CVE-2026-42306HigJun 12, 2026
    risk 0.47cvss 7.2epss 0.00

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount…

  • CVE-2026-2638HigJun 9, 2026
    risk 0.47cvss epss 0.00

    A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption.

  • CVE-2025-20037HigAug 12, 2025
    risk 0.47cvss 7.2epss 0.00

    Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-22185HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.00

    Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-48322HigNov 11, 2024
    risk 0.47cvss 8.1epss 0.01

    UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.

  • CVE-2023-32282HigMar 14, 2024
    risk 0.47cvss 7.2epss 0.00

    Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-71215HigMay 21, 2026
    risk 0.46cvss 7.0epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2026-41272HigApr 23, 2026
    risk 0.46cvss 7.1epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow…