Tag

Toctou

4 briefs RSS

CVE-2025-68146 filelock TOCTOU Race Condition Enables Symlink Attacks

CVE-2025-68146 describes a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the filelock library that could allow for symlink attacks during lock file creation, potentially leading to unauthorized file access or modification.

TOCTOU symlink filelock CVE-2025-68146 race condition

2r 1c 5d ago

high advisory

Windows LUAFV TOCTOU Vulnerability Allows Local Privilege Escalation (CVE-2026-27929)

2 rules 1 TTP 1 CVE 1 IOC

CVE-2026-27929 is a time-of-check time-of-use (TOCTOU) race condition in Windows LUAFV that allows an authorized local attacker to elevate privileges.

privilege-escalation toctou windows

2r 1t 1c 1i 2w ago

critical advisory

OpenClaw TOCTOU Race Condition Leads to Sandbox Escape

2 rules 1 TTP

A critical time-of-check time-of-use (TOCTOU) vulnerability in OpenClaw's remote file system bridge allows a sandbox escape by exploiting the delay between path validation and file reading, affecting versions up to 2026.3.28.

openclaw sandbox-escape toctou

2r 1t Apr 3, 2026

high advisory

Balena Etcher for Windows TOCTOU Vulnerability

2 rules 1 TTP 1 CVE

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code by replacing a legitimate script with a crafted payload during the flashing process.

privilege-escalation toctou balena-etcher

2r 1t 1c Apr 2, 2026