CVE-2026-30332

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

B1tBreaker/CVE-2026-30332
B1tBreaker/CVE-2026-30332
Balena Etcher versions prior to v2.1.4 on Windows are affected by a Time-of-Check to Time-of-Use (TOCTOU) race condition in the temporary file handling.
GitHubGitHub
balena-io/etcher
balena-io/etcher
Flash OS images to SD cards & USB drives, safely and easily.
GitHubGitHub
33.9K