VYPR

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

Base · Incomplete · Likelihood: Medium

Description

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-27 · CAPEC-29

CVEs mapped to this weakness (249)

page 5 of 13
  • CVE-2026-20454 · Medium · Jun 1, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID:…

  • CVE-2026-45619 · Medium · May 29, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU.

  • CVE-2026-9796 · Medium · May 28, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to `realm-admin` for all users…

  • CVE-2025-69233 · Medium · May 8, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to…

  • CVE-2026-32988 · High · Mar 31, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write…

  • CVE-2025-32784 · High · Apr 15, 2025
    risk 0.42 · cvss n/a · epss 0.00

    conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This…

  • CVE-2024-51563 · Medium · Nov 12, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.

  • CVE-2026-35374 · Medium · Apr 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the…

  • CVE-2026-35364 · Medium · Apr 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination…

  • CVE-2026-35360 · Medium · Apr 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create(), which internally uses O_TRUNC. An attacker can exploit…

  • CVE-2025-62511 · Medium · Oct 17, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json. In version 1.0,…

  • CVE-2026-41568 · Medium · Jun 12, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or…

  • CVE-2025-41259 · High · Jun 3, 2026
    risk 0.40 · cvss n/a · epss 0.00

    SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

  • CVE-2026-41002 · High · May 7, 2026
    risk 0.40 · cvss 7.2 · epss 0.00

    The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to…

  • CVE-2025-31146 · Medium · Nov 11, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity…

  • CVE-2025-44002 · Medium · Aug 26, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link…

  • CVE-2024-10972 · High · Dec 16, 2024
    risk 0.40 · cvss 7.3 · epss 0.00

    Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to…

  • CVE-2026-54096 · High · Jun 12, 2026
    risk 0.39 · cvss n/a · epss 0.00

    Summary: This is a similar vulnerability to **`CVE-2026-0035`**, which was fixed in Android `MediaProvider` with **high** severity. In the original Java issue, `MediaStore.createWriteRequest()` accepted attacker-controlled URIs and created a future grant even when the referenced…

  • CVE-2026-29518 · High · May 20, 2026
    risk 0.39 · cvss 7.0 · epss 0.00

    Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access…

  • CVE-2026-34596 · High · May 5, 2026
    risk 0.39 · cvss 7.0 · epss 0.00

    Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is…