CVE-2026-30332

EUVD-2026-18350 | HIGH 7.5 (CVSS 3.1) | 2026-04-02 | mitre

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 - 16:00 (vuln.today)
EUVD ID Assigned: Apr 02, 2026 - 16:00 (euvd), EUVD-2026-18350
CVE Published: Apr 02, 2026 - 00:00 (nvd), HIGH 7.5

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

Analysis

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. …


Remediation

Within 24 hours: Inventory all systems running Balena Etcher for Windows and identify current versions in use. Within 7 days: Upgrade all instances of Balena Etcher to version 2.1.4 or later; temporarily restrict Etcher usage to administratively-supervised environments only if upgrade cannot be completed. …


Priority Score

38 (KEV: 0, EPSS: +0.0, CVSS: +38, POC: 0)
