VYPR

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

BaseIncompleteLikelihood: Medium

Description

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-27 · CAPEC-29

CVEs mapped to this weakness (249)

page 6 of 13
  • CVE-2026-45720higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Summary `SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same…

  • CVE-2026-45804higMay 20, 2026
    risk 0.38cvss epss 0.00

    ## Background This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a…

  • CVE-2017-11830MedNov 15, 2017
    risk 0.38cvss 5.3epss 0.03

    Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

  • CVE-2026-41360MedApr 23, 2026
    risk 0.37cvss 6.7epss 0.00

    OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution…

  • CVE-2026-4878MedApr 9, 2026
    risk 0.37cvss 6.7epss 0.00

    A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an…

  • CVE-2026-45647MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

  • CVE-2025-42701MedOct 8, 2025
    risk 0.36cvss 5.6epss 0.00

    A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all…

  • CVE-2025-46805MedMay 26, 2025
    risk 0.36cvss 5.5epss 0.00

    Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

  • CVE-2026-26206MedApr 29, 2026
    risk 0.35cvss 6.5epss 0.00

    Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication…

  • CVE-2026-40896MedApr 20, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No…

  • CVE-2026-3428MedApr 16, 2026
    risk 0.35cvss epss 0.00

    A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an…

  • CVE-2026-1880MedApr 16, 2026
    risk 0.35cvss epss 0.00

    An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged…

  • CVE-2026-3590MedApr 15, 2026
    risk 0.35cvss 6.5epss 0.00

    Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated…

  • CVE-2026-43619MedMay 20, 2026
    risk 0.34cvss 6.3epss 0.00

    Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported…

  • CVE-2026-42592MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS…

  • CVE-2026-42344MedMay 8, 2026
    risk 0.34cvss 6.3epss 0.00

    FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Time-of-Check to Time-of-Use). The function resolves the hostname via…

  • CVE-2026-43582MedMay 6, 2026
    risk 0.34cvss 6.3epss 0.00

    OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual…

  • CVE-2026-35356MedApr 22, 2026
    risk 0.34cvss 6.3epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a…

  • CVE-2026-35355MedApr 22, 2026
    risk 0.34cvss 6.3epss 0.00

    The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O_EXCL flag. A local…

  • CVE-2026-35345MedApr 22, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently…