CVE-2026-2364
Published: 10 March 2026
Summary
CVE-2026-2364 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2026-2364 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, classified under CWE-367, affecting the installer for the CODESYS Development System. Published on 2026-03-10, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The flaw arises during self-update prompts or installation initiation confirmed by a legitimate user, enabling privilege escalation.
A low-privileged local attacker can exploit this vulnerability by racing the TOCTOU condition in the installer process. Exploitation requires local access, low complexity, and user interaction from a legitimate user to confirm the update or installation. Successful exploitation allows the attacker to gain elevated rights, resulting in high impacts to confidentiality, integrity, and availability without changing scope.
Mitigation details are provided in the advisory VDE-2026-012 from certvde.com, available at https://certvde.com/de/advisories/VDE-2026-012.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10476
Vulnerability details
If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
TOCTOU race condition in local installer directly enables local privilege escalation via exploitation of the vulnerable process.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly restricts access to software installation and update operations, blocking the TOCTOU race that occurs when a user confirms a CODESYS installer action.
Enforces least privilege on the installer process so a low-privileged local attacker cannot obtain elevated rights even if the TOCTOU window is won.
Requires integrity verification of installer files and execution flow, which can detect or block the tampering that exploits the TOCTOU condition.