VYPR

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

Abstraction: Base · Status: Incomplete · Likelihood: Medium

Description

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-27 · CAPEC-29

CVEs mapped to this weakness (249)

page 9 of 13
  • CVE-2026-22751 · Medium · Apr 21, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0…

  • CVE-2026-27456 · Medium · Apr 3, 2026
    risk 0.24 · cvss 4.7 · epss 0.00

    util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path…

  • CVE-2025-21746 · Medium · Feb 27, 2025
    risk 0.24 · cvss 4.7 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries…

  • CVE-2023-37867 · Low · Nov 30, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress. This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.

  • CVE-2026-35376 · Medium · Apr 22, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup (via fts_accpath) rather than binding the traversal and label application to…

  • CVE-2026-34224 · Medium · Mar 31, 2026
    risk 0.22 · cvss 4.4 · epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create…

  • CVE-2025-46415 · Low · Jun 27, 2025
    risk 0.21 · cvss 3.2 · epss 0.00

    A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

  • CVE-2026-32602 · Medium · Apr 6, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three…

  • CVE-2026-1035 · Low · Jan 21, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not…

  • CVE-2025-46336 · Medium · May 8, 2025
    risk 0.20 · cvss 4.2 · epss 0.00

    Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the…

  • CVE-2026-6733 · Low · Jun 17, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

  • CVE-2026-7837 · Low · May 21, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.

  • CVE-2026-7846 · Low · May 5, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument…

  • CVE-2026-35648 · Low · Apr 10, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.

  • CVE-2026-21725 · Low · Feb 25, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior…

  • CVE-2024-37181 · Low · Jan 16, 2025
    risk 0.17 · cvss 2.6 · epss 0.00

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.

  • CVE-2026-35362 · Low · Apr 22, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the…

  • CVE-2026-33659 · Low · Apr 13, 2026
    risk 0.16 · cvss 3.5 · epss 0.00

    EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses…

  • CVE-2026-35353 · Low · Apr 22, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user…

  • CVE-2026-5958 · Low · Apr 20, 2026
    risk 0.14 · cvss · epss 0.00

    When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is…