Skip to main content

Microsoft CVE-2026-30332

| EUVDEUVD-2026-18350 HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-04-02 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 16:00 euvd
EUVD-2026-18350
Analysis Generated
Apr 02, 2026 - 16:00 vuln.today
CVE Published
Apr 02, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

AnalysisAI

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

Technical ContextAI

Balena Etcher is a popular open-source disk image flashing utility for creating bootable USB drives and SD cards. This vulnerability exploits a Time-of-Check to Time-of-Use (TOCTOU) race condition in the Windows implementation, where the application validates a script file's legitimacy but fails to maintain exclusive control between verification and execution. An attacker with local access can exploit the time window between these operations to atomically replace the validated script with malicious code, which then executes with Etcher's elevated privileges. TOCTOU vulnerabilities are a classic concurrency issue where the state of a resource changes between security check and resource use, bypassing access controls. The scope change (S:C) in the CVSS vector indicates the vulnerability allows breaking out of Etcher's security boundary to impact other system resources.

RemediationAI

Upgrade Balena Etcher to version 2.1.4 or later, which contains fixes for the TOCTOU race condition vulnerability. Download the patched release from the official Balena Etcher website or GitHub releases page at github.com/balena-io/etcher. Organizations should verify the installed version and deploy the update through software management systems. Until patching is complete, implement compensating controls including restricting Etcher usage to trusted administrators only, monitoring for unauthorized script modifications in Etcher's working directories, and running Etcher in isolated environments when processing untrusted disk images. Review Balena's security advisory at balena.io/security and GitHub issue 4500 for additional vendor guidance. No effective workaround exists that fully mitigates the race condition without upgrading, as the vulnerability is inherent to the application's script handling logic in affected versions.

Share

CVE-2026-30332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy