Cyber Resilience

CVE-2026-2364

High

Published: 10 March 2026

Published
10 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2364 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2026-2364 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, classified under CWE-367, affecting the installer for the CODESYS Development System. Published on 2026-03-10, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The flaw arises during self-update prompts or installation initiation confirmed by a legitimate user, enabling privilege escalation.

A low-privileged local attacker can exploit this vulnerability by racing the TOCTOU condition in the installer process. Exploitation requires local access, low complexity, and user interaction from a legitimate user to confirm the update or installation. Successful exploitation allows the attacker to gain elevated rights, resulting in high impacts to confidentiality, integrity, and availability without changing scope.

Mitigation details are provided in the advisory VDE-2026-012 from certvde.com, available at https://certvde.com/de/advisories/VDE-2026-012.

EU & UK References

Vulnerability details

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

TOCTOU race condition in local installer directly enables local privilege escalation via exploitation of the vulnerable process.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-53028Shared CWE-367
CVE-2026-41651Shared CWE-367
CVE-2026-41702Shared CWE-367
CVE-2026-27750Shared CWE-367
CVE-2026-21240Shared CWE-367
CVE-2026-45208Shared CWE-367
CVE-2024-45560Shared CWE-367
CVE-2023-20548Shared CWE-367
CVE-2024-53032Shared CWE-367
CVE-2026-20831Shared CWE-367

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly restricts access to software installation and update operations, blocking the TOCTOU race that occurs when a user confirms a CODESYS installer action.

prevent

Enforces least privilege on the installer process so a low-privileged local attacker cannot obtain elevated rights even if the TOCTOU window is won.

preventdetect

Requires integrity verification of installer files and execution flow, which can detect or block the tampering that exploits the TOCTOU condition.

References