CWE-362— Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.— MITRE CWE catalog
2,207 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-362page 42 of 45
- CVE-2026-28830MEDIUMCVSS 4.7EG 4.72026-05-11
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
- CVE-2026-28924HIGHCVSS 7.5EG 7.52026-05-11
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.
- CVE-2026-28986HIGHCVSS 7.5EG 7.52026-05-11
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be a…
- CVE-2026-28992MEDIUMCVSS 4.7EG 4.72026-05-11
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, wa…
- CVE-2026-28996MEDIUMCVSS 5.5EG 5.52026-05-11
A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access s…
- CVE-2026-3006HIGHCVSS 7.0EG 7.02026-04-27
Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.
- CVE-2026-31456MEDIUMCVSS 4.7EG 4.72026-04-22
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concurrent thread refaulting the PUD leaf ent…
- CVE-2026-31466MEDIUMCVSS 4.7EG 4.72026-04-22
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() On arm64 server, we found folio that get from migration entry isn't locked in softleaf_to_folio(). This is…
- CVE-2026-31516HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net work item policy_hthresh.work onto the system workq…
- CVE-2026-31572MEDIUMCVSS 4.7EG 4.72026-04-24
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Comb…
- CVE-2026-31700HIGHCVSS 7.8EG 7.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points directly into the mmap'd TX ring buffe…
- CVE-2026-31728MEDIUMCVSS 4.7EG 4.72026-05-01
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop() leads to a NULL pointer dereference. Sp…
- CVE-2026-31751MEDIUMCVSS 4.7EG 4.72026-05-01
In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkall…
- CVE-2026-31761HIGHCVSS 7.8EG 7.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iio_device_register() to correct location iio_device_register() should be at the end of the probe function to prevent race conditions. Place ii…
- CVE-2026-32018LOWCVSS 3.6EG 3.62026-03-19
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operati…
- CVE-2026-32068HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-32082HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-32083HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-32086HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-32088MEDIUMCVSS 6.1EG 6.12026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
- CVE-2026-32089HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- CVE-2026-32090HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- CVE-2026-32091HIGHCVSS 8.4EG 8.42026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-32093HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-32150HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-32153HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- CVE-2026-32158HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- CVE-2026-32159HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- CVE-2026-32160HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- CVE-2026-32161HIGHCVSS 7.5EG 7.52026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
- CVE-2026-32163HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- CVE-2026-32164HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- CVE-2026-32165HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- CVE-2026-32219HIGHCVSS 7.0EG 7.02026-04-14
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-32226MEDIUMCVSS 5.9EG 5.92026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
- CVE-2026-32398MEDIUMCVSS 6.5EG 6.52026-03-13
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooC…
- CVE-2026-32848MEDIUMCVSS 4.7EG 4.72026-05-18
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the sam…
- CVE-2026-33104HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2026-33544HIGHCVSS 7.7EG 7.72026-04-02
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations (GenericOAuthService, GithubOAuthService, GoogleOAuthService) store PKCE verifiers and access tokens as mutable struct …
- CVE-2026-33827HIGHCVSS 8.1EG 8.12026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
- CVE-2026-33839HIGHCVSS 7.0EG 7.02026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2026-34331HIGHCVSS 7.0EG 7.02026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2026-34334HIGHCVSS 7.8EG 7.82026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2026-34337HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-34342HIGHCVSS 7.0EG 7.02026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
- CVE-2026-34345HIGHCVSS 7.0EG 7.02026-05-12
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-34351HIGHCVSS 7.8EG 7.82026-05-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2026-34849LOWCVSS 2.5EG 2.52026-04-13
UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-34850LOWCVSS 1.9EG 1.92026-04-13
Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-34851LOWCVSS 2.2EG 2.22026-04-13
Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.
Map vulnerabilities like CWE-362 to your infrastructure
EchelonGraph correlates every CVE — across CWE-362 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →