B1tBreaker/CVE-2026-30332

Releases0

Balena Etcher versions prior to v2.1.4 on Windows are affected by a Time-of-Check to Time-of-Use (TOCTOU) race condition in the temporary file handling.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-30332 ↗	Apr 2, 2026Thursday, 2 April 2026, 16:16	7.5 HIGH	—
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.