Skip to main content

Iq Multiaccess

1 CVEs product

Monthly

CVE-2026-13742 MEDIUM This Month

Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.

Honeywell Information Disclosure Iq Multiaccess
NVD
CVSS 4.0
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.

Honeywell Information Disclosure Iq Multiaccess
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy