CWE-367
TOCTOU Race Condition
MITRE: No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
Showing 24 of 24

- CVE-2026-54228 (High · 7.8 · 9 h ago)
  A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text fi
- CVE-2026-53838 (Critical · 9.8 · 14 h ago)
  OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authori
- CVE-2026-53831 (High · 8.3 · 14 h ago)
  OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacha
- CVE-2026-53822 (High · 8.8 · 14 h ago)
  OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes
- CVE-2026-54055 (Medium · 5.0 · EPSS 0% · 16 h ago)
  Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on
- CVE-2026-53806 (High · 8.8 · EPSS 0% · 17 h ago)
  OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content wi
- CVE-2026-42306 (High · 7.2 · EPSS 0% · 17 h ago · go)
  Docker: Race condition in docker cp allows bind mount redirection to host path
- CVE-2026-41568 (Medium · 6.1 · EPSS 0% · 17 h ago · go)
  Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
- CVE-2026-50631 (High · 7.4 · EPSS 0% · 18 h ago)
  A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh to
- CVE-2025-38352 (High · 7.4 · KEV · EPSS 0% · 20 h ago)
  Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
- CVE-2022-48618 (High · 7.0 · KEV · EPSS 0% · 20 h ago)
  Apple Multiple Products Memory Corruption Vulnerability
- CVE-2025-22224 (Critical · 9.3 · KEV · EPSS 47% · 20 h ago)
  VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
- CVE-2023-35311 (High · 8.8 · KEV · EPSS 0% · 20 h ago)
  Microsoft Outlook Security Feature Bypass Vulnerability
- CVE-2024-30088 (High · 7.0 · KEV · EPSS 88% · 20 h ago)
  Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
- CVE-2026-45487 (High · 7.8 · EPSS 0% · 1 d ago)
  Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-4878 (Medium · 6.7 · EPSS 0% · 2 d ago)
  A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capa
- CVE-2026-24191 (High · 7.8 · EPSS 0% · 2 d ago)
  NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information di
- CVE-2026-24067 (High · 8.4 · EPSS 0% · 2 d ago)
  Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC c
- CVE-2026-46194 (Medium · 4.7 · EPSS 0% · 2 d ago)
  In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race between extent node destroy and writeback. f2fs_destroy_extent_node() does not set FI_NO_EXTENT before clearing extent nodes. When called from f2fs
- CVE-2026-46159 (Medium · 4.7 · EPSS 0% · 3 d ago)
  In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak. btrfs_ioctl_space_info() has a TOCTOU race between two passes over the block group RAID
- CVE-2026-49958 (Medium · 5.0 · EPSS 0% · 3 d ago)
  Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace b
- CVE-2026-24065 (High · 8.1 · EPSS 0% · 3 d ago)
  Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code
- CVE-2026-45647 (Medium · 5.5 · EPSS 0% · 3 d ago)
  Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- CVE-2026-2638 (no score listed · EPSS 0% · 3 d ago)
  A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allows a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption.
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.