CWE-367— Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.— MITRE CWE catalog
659 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-367page 11 of 14
- CVE-2025-64645HIGHCVSS 7.7EG 7.72025-12-26
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
- CVE-2025-67124MEDIUMCVSS 6.8EG 6.82026-01-23
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can creat…
- CVE-2025-68146MEDIUMCVSS 6.3EG 6.32025-12-16
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulne…
- CVE-2025-69211HIGHCVSS 7.4EG 7.42025-12-29
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestM…
- CVE-2025-69233MEDIUMCVSS 6.5EG 6.52026-05-08
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains…
- CVE-2025-71111CVSS 0.0EG 4.72026-01-14
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shar…
- CVE-2025-71215HIGHCVSS 7.0EG 7.02026-05-21
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first ob…
- CVE-2025-71216HIGHCVSS 7.8EG 7.82026-05-21
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to e…
- CVE-2025-71225CVSS 0.0EG 5.32026-02-18
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->ra…
- CVE-2025-8192MEDIUMCVSS 6.9EG 6.92025-07-31
There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the …
- CVE-2025-9810MEDIUMCVSS 5.8EG 5.82025-09-01
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
- CVE-2026-0924HIGHCVSS 7.0EG 7.02026-02-02
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.
- CVE-2026-1035LOWCVSS 3.1EG 3.12026-01-21
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and updat…
- CVE-2026-12374MEDIUMCVSS 6.4EG 6.42026-07-01
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root vi…
- CVE-2026-13502MEDIUMCVSS 4.5EG 4.52026-06-28
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This man…
- CVE-2026-13742MEDIUMCVSS 5.9EG 5.92026-06-29
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded …
- CVE-2026-14160MEDIUMCVSS 5.9EG 5.92026-06-30
Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d.
- CVE-2026-1880MEDIUMCVSS 5.4EG 5.42026-04-16
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a lo…
- CVE-2026-20454MEDIUMCVSS 6.4EG 6.42026-06-01
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation…
- CVE-2026-20677CRITICALCVSS 9.0EG 9.02026-02-11
A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass …
- CVE-2026-20796LOWCVSS 3.1EG 3.12026-02-13
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams …
- CVE-2026-20809HIGHCVSS 7.8EG 7.82026-01-13
Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
- CVE-2026-20816HIGHCVSS 7.8EG 7.82026-01-13
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2026-20831HIGHCVSS 7.8EG 7.82026-01-13
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-21240HIGHCVSS 7.8EG 7.82026-02-10
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
- CVE-2026-21523HIGHCVSS 8.0EG 8.02026-02-10
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
- CVE-2026-21725LOWCVSS 2.6EG 2.62026-02-25
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin…
- CVE-2026-21912MEDIUMCVSS 5.5EG 5.52026-01-15
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system fi…
- CVE-2026-22281LOWCVSS 3.5EG 3.52026-01-22
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condit…
- CVE-2026-22701MEDIUMCVSS 5.3EG 5.32026-01-10
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permiss…
- CVE-2026-22751MEDIUMCVSS 4.8EG 4.82026-04-21
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security:…
- CVE-2026-22820LOWCVSS 3.7EG 3.72026-01-14
Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.
- CVE-2026-23212CVSS 0.0EG 4.72026-02-18
In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE()…
- CVE-2026-23554HIGHCVSS 7.8EG 7.82026-03-23
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structur…
- CVE-2026-23950MEDIUMCVSS 5.9EG 8.82026-01-20
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-…
- CVE-2026-23988HIGHCVSS 7.3EG 7.32026-01-22
Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus run…
- CVE-2026-24065HIGHCVSS 8.1EG 8.12026-06-09
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify cod…
- CVE-2026-24067HIGHCVSS 8.4EG 8.42026-06-10
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC …
- CVE-2026-24071HIGHCVSS 7.8EG 9.32026-02-02
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection…
- CVE-2026-24191HIGHCVSS 7.8EG 7.82026-05-26
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information d…
- CVE-2026-24260HIGHCVSS 8.5EG 8.52026-07-01
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and da…
- CVE-2026-25052CRITICALCVSS 9.9EG 9.92026-02-04
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the…
- CVE-2026-25260HIGHCVSS 7.8EG 7.82026-06-01
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
- CVE-2026-25271HIGHCVSS 7.0EG 7.82026-07-06
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
- CVE-2026-25536HIGHCVSS 7.1EG 7.12026-02-04
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multipl…
- CVE-2026-25641CRITICALCVSS 10.0EG 10.02026-02-06
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key us…
- CVE-2026-25728HIGHCVSS 7.5EG 7.52026-02-10
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application mov…
- CVE-2026-26017MEDIUMCVSS 6.3EG 6.32026-03-06
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated be…
- CVE-2026-26206MEDIUMCVSS 6.5EG 6.52026-04-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by se…
- CVE-2026-26224HIGHCVSS 8.5EG 8.52026-02-12
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script cr…
Map vulnerabilities like CWE-367 to your infrastructure
EchelonGraph correlates every CVE — across CWE-367 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →