balena-io/etcher

Releases320

Frequency1 week 4 days

Last Release about 1 month ago

Stars33.9K

Flash OS images to SD cards & USB drives, safely and easily.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-30332 ↗	Apr 2, 2026Thursday, 2 April 2026, 16:16	7.5 HIGH	—
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.