HIGHCVE-2026-30332Published 2026-04-02Modified 2026-04-02CNA mitre

CVE-2026-30332: A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:R

References

github.com
balena.io
github.com

Metrics