CVE-2026-30332

High CVSS: 7.5

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

Vendor

Product

CWE

CWE-367

Yayın Tarihi

2026-04-02 16:16:22

Güncelleme

2026-04-03 16:10:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-367 HIGH 2026

Referanslar

https://github.com/B1tBreaker/CVE-2026-30332 https://github.com/balena-io/etcher/issues/4500 https://www.balena.io/security