Cyber Posture

CVE-2026-2364

High

Published: 10 March 2026

Published
10 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2364 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AU-8 Time Stamps
addresses: CWE-367

Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

TOCTOU race condition in local installer directly enables local privilege escalation via exploitation of the vulnerable process.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

Deeper analysisAI

CVE-2026-2364 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, classified under CWE-367, affecting the installer for the CODESYS Development System. Published on 2026-03-10, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The flaw arises during self-update prompts or installation initiation confirmed by a legitimate user, enabling privilege escalation.

A low-privileged local attacker can exploit this vulnerability by racing the TOCTOU condition in the installer process. Exploitation requires local access, low complexity, and user interaction from a legitimate user to confirm the update or installation. Successful exploitation allows the attacker to gain elevated rights, resulting in high impacts to confidentiality, integrity, and availability without changing scope.

Mitigation details are provided in the advisory VDE-2026-012 from certvde.com, available at https://certvde.com/de/advisories/VDE-2026-012.

Details

CWE(s)
CWE-367

Affected Products

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-30332Shared CWE-367
CVE-2026-21240Shared CWE-367
CVE-2024-53028Shared CWE-367
CVE-2026-27750Shared CWE-367
CVE-2026-20816Shared CWE-367
CVE-2025-38352Shared CWE-367
CVE-2024-53032Shared CWE-367
CVE-2026-7791Shared CWE-367
CVE-2026-41651Shared CWE-367
CVE-2025-47407Shared CWE-367

References