Skip to main content

Race Condition

1814 CVEs technique

Monthly

CVE-2026-28888 MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, and Tahoe 26.3 and earlier contain a race condition in state handling that allows local applications to escalate privileges to root. The vulnerability stems from improper synchronization during critical operations, enabling an attacker with local access to exploit the timing window and gain elevated system privileges. Patches have been released for affected macOS versions.

Apple Race Condition Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-32991 CRITICAL Act Now

N2WS Backup & Recovery before version 4.4.0 contains a remote code execution vulnerability in its RESTful API that requires a two-step attack chain to exploit. An unauthenticated attacker can execute arbitrary code on affected systems, potentially compromising backup and disaster recovery infrastructure. This vulnerability affects the N2WS product line and should be treated as critical given the RCE classification and the security-sensitive nature of backup systems.

RCE Race Condition
NVD VulDB
CVSS 3.1
9.0
EPSS
0.2%
CVE-2025-33254 HIGH This Week

NVIDIA Triton Inference Server contains a race condition vulnerability (CWE-362) that allows unauthenticated remote attackers to corrupt internal server state, resulting in a denial of service. The vulnerability affects NVIDIA Triton Inference Server across multiple versions and can be exploited over the network with low attack complexity requiring no privileges or user interaction. With a CVSS score of 7.5 (High) and an EPSS score not provided, this represents a significant availability risk for organizations running AI/ML inference workloads.

Denial Of Service Nvidia Race Condition
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-33238 HIGH This Week

NVIDIA Triton Inference Server's Sagemaker HTTP server contains a race condition vulnerability that allows unauthenticated remote attackers to trigger an exception, resulting in denial of service. The vulnerability affects NVIDIA Triton Inference Server deployments using the Sagemaker HTTP server component and can be exploited over the network without authentication or user interaction. There is no indication of active exploitation (not in CISA KEV), and EPSS data was not provided, but the CVSS score of 7.5 (High) reflects the ease of exploitation.

Denial Of Service Nvidia Race Condition
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4684 HIGH PATCH This Week

Mozilla Firefox's WebRender graphics component contains a race condition and use-after-free vulnerability that enables remote code execution when a user visits a malicious webpage. The flaw affects Firefox versions prior to 149, Firefox ESR versions before 115.34 and 140.9, and requires user interaction to trigger. No patch is currently available for this high-severity issue.

Mozilla Race Condition Information Disclosure Firefox Esr
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4368 HIGH NEWS This Week

Citrix NetScaler ADC and Gateway instances configured for SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual servers are vulnerable to a race condition that enables authenticated attackers to hijack other users' sessions. An attacker with valid credentials can exploit timing-dependent conditions to cause session mixup between concurrent users, potentially gaining unauthorized access to sensitive resources or impersonating other authenticated users. No patch is currently available for this high-severity vulnerability.

Citrix Race Condition Information Disclosure
NVD VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-32887 npm HIGH PATCH This Week

Node.js applications using Effect library versions 3.19.15 and earlier with @effect/rpc 0.72.1 and @effect/platform 0.94.2 are vulnerable to context confusion due to improper AsyncLocalStorage handling in the MixedScheduler, allowing attackers to access sensitive data from other concurrent requests through race conditions. An attacker can exploit the batching mechanism to read or modify context belonging to different requests processed in the same microtask cycle, potentially leading to data leakage between users in multi-tenant environments. No patch is currently available.

Node.js Race Condition Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-23271 HIGH PATCH This Week

A race condition exists in the Linux kernel's perf subsystem where __perf_event_overflow() can execute with only preemption disabled (rather than IRQs disabled) on software events, creating a window for concurrent execution with perf_event_exit_event() and related cleanup functions. This race condition allows the overflow handler to access kernel structures (such as BPF programs) that are being freed concurrently, potentially leading to use-after-free conditions, memory corruption, or privilege escalation. The vulnerability affects multiple stable Linux kernel versions and has patches available across multiple kernel branches (6.12.77, 6.19.7, 7.0-rc2, and others as indicated by the git commit references).

Linux Buffer Overflow Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32018 npm LOW PATCH Monitor

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers.

Information Disclosure Race Condition Openclaw
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-32700 Ruby MEDIUM PATCH This Month

Devise's Confirmable module with the reconfirmable option enabled contains a race condition that allows attackers to confirm email addresses they don't control by sending concurrent email change requests. By exploiting the desynchronization between the confirmation token and unconfirmed email fields, an attacker can redirect a victim's email confirmation to their own account. This affects all Devise applications using the default Confirmable configuration with email changes, and is patched in Devise v5.0.3.

Race Condition Information Disclosure Red Hat Suse
NVD VulDB GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-32723 npm MEDIUM PATCH This Month

SandboxJS 0.8.34 contains a race condition where a shared global tick state allows concurrent sandboxes to interfere with each other's execution quotas during timer callback compilation. An attacker in a multi-tenant environment can exploit this to bypass resource limits and exhaust CPU/memory on the host system. A patch is available.

Race Condition Denial Of Service Node.js
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-32398 MEDIUM This Month

TeraWallet for WooCommerce versions up to 1.5.15 contain a race condition in concurrent transaction handling that allows authenticated attackers to manipulate wallet integrity and perform unauthorized financial operations. An attacker with user-level access can exploit improper synchronization during simultaneous requests to bypass transaction controls and modify account balances. No patch is currently available for this vulnerability.

WordPress Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32242 npm HIGH POC PATCH This Week

### Impact Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy. Deployments that configure multiple OAuth2 providers via the `oauth2: true` flag are affected. ### Patches The fix ensures that a new adapter instance is created for each provider instead of reusing the singleton, so each provider's configuration is isolated. ### Workarounds There is no known workaround. If only a single OAuth2 provider is configured, the race condition cannot occur. ### References - GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892 - Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11 - Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.37

Node.js Race Condition Information Disclosure Parse Server
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-32232 Cargo PATCH Monitor

### Summary Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. ### Details #### R1 - Dangling Symlink Component Bypass - What happens: Path validation can miss dangling symlink components during traversal checks. - Why it matters: A symlink that is unresolved at validation time can later resolve to an external location. - Impact: Read and write operations may escape workspace boundaries. - Affected area: src/security/path.rs (check_symlink_escape). #### R2 - TOCTOU Between Validation and Use - What happens: The path is validated first, then used later for filesystem operations. - Why it matters: A concurrent filesystem change can swap path components after validation but before open/write. - Impact: Race-based workspace escape is possible. - Affected area: Filesystem and file-consuming tools that call validate_path_in_workspace before I/O. #### R3 - Hardlink Alias Bypass - What happens: A file inside workspace can be a hardlink to an inode outside the intended workspace trust boundary. - Why it matters: Prefix and symlink checks can pass while data access still mutates or reads external content. - Impact: Policy bypass for read/write operations. - Affected area: Any tool that reads or writes via validated paths. #### Risk Matrix | ID | Risk | Severity | Likelihood | Impact | |---|---|---|---|---| | R1 | Dangling symlink component bypass | High | Medium | Workspace boundary escape for read/write | | R2 | Validate/use TOCTOU race | High | Medium | Race-based boundary escape during file I/O | | R3 | Hardlink alias bypass | Medium | Low-Medium | External inode read/write through in-workspace path | ### PoC #### R1 - Dangling symlink component bypass 1. Create a symlink inside workspace pointing to a missing target. 2. Validate a path traversing that symlink. 3. Create the target directory outside workspace after validation. 4. Perform file operation and observe potential boundary escape if not fail-closed. #### R2 - TOCTOU between validation and use 1. Validate a candidate in-workspace path. 2. Before open/write, replace an intermediate component with a link to external location. 3. Continue with the file operation. 4. Observe boundary escape if operation trusts only stale validation result. #### R3 - Hardlink alias bypass 1. Place a hardlink inside workspace that points to an external inode. 2. Validate the in-workspace hardlink path. 3. Read or write through this path. 4. Observe external inode access through a path that appears in-scope. ### Impacts Unauthorized cross path boundary ## Credit [@zpbrent](https://github.com/zpbrent) ### Patch [f50c17e11ae3e2d40c96730abac41974ef2ee2a8](https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8)

Path Traversal Race Condition
NVD GitHub
EPSS
0.1%
CVE-2025-22850 Monitor

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.

Information Disclosure Race Condition
NVD VulDB
EPSS
0.0%
CVE-2025-20028 Monitor

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation Race Condition
NVD VulDB
EPSS
0.0%
CVE-2026-31827 HIGH This Week

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission.

Race Condition Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-31824 PHP HIGH PATCH This Week

Sylius eCommerce Framework is vulnerable to a race condition in promotion and coupon usage limit enforcement, where concurrent requests can bypass redemption restrictions by exploiting a gap between eligibility validation and usage increment operations. An unauthenticated attacker can exploit this TOCTOU vulnerability to redeem promotions or coupons beyond their configured usage limits, potentially causing financial loss through unintended discounts. No patch is currently available.

Race Condition Sylius
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-0121 LOW Monitor

In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 2.9 LOW]

Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-0112 HIGH This Week

Local privilege escalation on Android devices occurs through a race condition in the VPU driver's instance opening function, allowing attackers to trigger a use-after-free condition without requiring special privileges or user interaction. An unprivileged local attacker can exploit this vulnerability to gain elevated system privileges. No patch is currently available for this vulnerability.

Use After Free Privilege Escalation Race Condition Android Google
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-24297 MEDIUM PATCH This Month

Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.

Race Condition Microsoft Authentication Bypass Windows Server 2012 Windows 10 1607 +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24296 HIGH PATCH This Week

Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.

Race Condition Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2019 +13
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24295 HIGH PATCH This Week

Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.

Race Condition Microsoft Information Disclosure Windows Server 2022 23h2 Windows 11 24h2 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23671 HIGH PATCH This Week

Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.

Race Condition Information Disclosure Microsoft Windows 11 26h1 Windows Server 2025 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23668 HIGH PATCH This Week

Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Microsoft Industrial Race Condition Windows Server 2016 Windows 11 23h2 +8
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23240 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23239 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2364 HIGH This Week

Privilege escalation in CODESYS Development System installer exploits a time-of-check-time-of-use (TOCTOU) race condition, allowing a low-privileged local attacker to gain elevated rights when a legitimate user initiates a system update or installation. An attacker with local access can manipulate files during the installation process window to execute arbitrary code with elevated privileges. No patch is currently available, and the vulnerability requires user interaction but poses significant risk to system integrity and confidentiality.

Race Condition
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28551 MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-28549 MEDIUM This Month

Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-28550 MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28545 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28544 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28543 MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-70341 HIGH POC PATCH This Week

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. [CVSS 7.8 HIGH]

Race Condition App Auto Patch
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28289 CRITICAL POC PATCH Act Now

File upload bypass in FreeScout 1.8.206 — patch bypass for CVE-2026-27636. PoC and patch available. CVSS 10.0.

PHP Laravel RCE Race Condition Freescout
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25674 PyPI LOW PATCH Monitor

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]

Golang Django Race Condition
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-20757 LOW Monitor

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]

Race Condition
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-48641 HIGH This Week

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48577 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48568 HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-0995 LOW Monitor

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. [CVSS 3.6 LOW]

Race Condition Information Disclosure C1 Pro Firmware
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-20445 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).

Denial Of Service Race Condition Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20438 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2802 MEDIUM PATCH This Month

Firefox and Thunderbird versions below 148 contain a race condition in the JavaScript garbage collection component that could allow an attacker to access or modify limited data through specially crafted content requiring user interaction. The vulnerability has a CVSS score of 4.2 and currently lacks an available patch.

Race Condition Mozilla Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-27128 PHP MEDIUM PATCH This Month

Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.

Privilege Escalation Race Condition Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-27127 PHP MEDIUM POC PATCH This Month

DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.

DNS SSRF Race Condition Craft Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-63946 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Pcmanager
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-63945 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Ioa
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27189 MEDIUM This Month

OpenShift versions 1.1.2-alpha and below suffer from a race condition in local JSON persistence that allows authenticated local users to corrupt data stores or cause loss of updates across sessions, study materials, quizzes, and authentication records. The vulnerability stems from non-atomic and insufficiently synchronized file operations that can be exploited through concurrent access to the application's local storage. No patch is currently available.

Race Condition AI / ML Opensift
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27175 CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
Threat
4.7
CVE-2026-23207 MEDIUM PATCH This Month

The Tegra210-QSPI driver in the Linux kernel is vulnerable to a race condition where an unprotected NULL pointer check in the interrupt handler can be exploited by a local attacker with low privileges to cause a denial of service through kernel panic. The vulnerability occurs when the timeout path clears the curr_xfer pointer while the ISR thread is simultaneously accessing it, resulting in a NULL dereference. A patch is available to resolve this issue by properly synchronizing access with spinlock protection.

Linux Denial Of Service Race Condition Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-71221 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23169 HIGH PATCH This Week

A race condition in the Linux kernel's MPTCP address management function allows local attackers with user-level privileges to cause a denial of service through kernel crashes via improper list manipulation without RCU synchronization. The vulnerability exists in mptcp_pm_nl_flush_addrs_doit() where list_splice_init() is called while holding a spinlock, creating unsafe concurrent access conditions. Currently, no patch is available for this medium-severity vulnerability.

Linux Denial Of Service Race Condition Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23167 MEDIUM PATCH This Month

A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.

Linux Race Condition Information Disclosure Google Linux Kernel +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23161 HIGH PATCH This Week

A race condition in Linux kernel shmem swap entry handling allows local attackers with user privileges to cause denial of service through memory corruption when swap entries are truncated concurrently with other operations. The vulnerability stems from an unprotected order lookup that can become stale before the actual swap entry removal, potentially causing truncation to erase data beyond intended boundaries. No patch is currently available.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-23153 MEDIUM PATCH This Month

A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.

Linux Race Condition Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23126 MEDIUM PATCH This Month

The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.

Linux Debian Denial Of Service Race Condition Linux Kernel +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23118 MEDIUM PATCH This Month

A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.

Linux Race Condition Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23115 MEDIUM PATCH This Month

A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.

Qualcomm Denial Of Service Race Condition Linux Linux Kernel +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-20796 Go LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549 [CVSS 3.1 LOW]

Race Condition Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-26224 Monitor

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation Race Condition
NVD
EPSS
0.0%
CVE-2026-20677 CRITICAL Act Now

Race condition in Apple macOS/iOS symlink handling allows privilege escalation. Fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5.

Apple Race Condition Authentication Bypass
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-20617 HIGH This Week

Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.

Apple Race Condition Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-69871 HIGH This Week

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. [CVSS 8.1 HIGH]

Race Condition
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2023-31324 HIGH This Week

Rocm contains a vulnerability that allows attackers to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as t (CVSS 7.8).

Race Condition Radeon Vii Firmware Radeon Software Radeon Pro Vii Firmware Rocm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-20548 HIGH This Week

Rocm contains a vulnerability that allows attackers to corrupt memory resulting in loss of integrity, confidentiality, or availability (CVSS 7.8).

Race Condition Rocm Radeon Pro Vii Firmware Radeon Software Radeon Vii Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-36311 Monitor

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.

Race Condition
NVD
EPSS
0.0%
CVE-2026-25728 HIGH POC PATCH This Week

Arbitrary PHP code execution in ClipBucket v5 prior to 5.5.3-#40 through a race condition in file upload validation, where files are moved to a web-accessible directory before security checks are performed. An authenticated attacker can exploit the time window between file placement and validation deletion to execute malicious PHP code on the server. Public exploit code exists for this vulnerability.

PHP Race Condition Clipbucket
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21523 HIGH PATCH This Week

Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.

Github Race Condition AI / ML Visual Studio Code
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-21240 HIGH PATCH This Week

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 10 21h2 Windows 11 23h2 Windows Server 2025 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21237 HIGH PATCH This Week

Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.

Linux Windows Race Condition Windows 11 23h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21234 HIGH PATCH This Week

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Race Condition Windows Server 2022 Windows 11 25h2 Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21231 HIGH PATCH This Week

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Linux Windows Race Condition Windows 10 21h2 Windows Server 2012 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31944 MEDIUM This Month

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. [CVSS 5.3 MEDIUM]

Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-30513 HIGH This Week

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 7.9 HIGH]

Privilege Escalation Race Condition
NVD VulDB
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-25536 npm HIGH PATCH This Week

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. [CVSS 7.1 HIGH]

Race Condition Information Disclosure Mcp Typescript Sdk
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23110 MEDIUM PATCH This Month

A race condition in the Linux kernel's SCSI error handling mechanism can prevent the error handler from being properly awakened when concurrent command completions occur, causing I/O operations to hang indefinitely. A local attacker with low privileges can trigger this condition through timing-sensitive operations to cause a denial of service. No patch is currently available for this vulnerability.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23071 MEDIUM PATCH This Month

The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.

Linux Race Condition Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-22548 MEDIUM This Month

BIG-IP Advanced WAF and ASM experience denial of service when processing specific requests under certain conditions, causing the bd process to terminate and disrupting security policy enforcement. An unauthenticated remote attacker can trigger this crash without user interaction, though exploitation requires specific timing and environmental factors. No patch is currently available for affected versions.

Race Condition Big Ip Application Security Manager Big Ip Advanced Web Application Firewall
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-14740 MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition RCE
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-24040 npm MEDIUM POC PATCH This Month

jsPDF versions prior to 4.1.0 contain a race condition in the addJS method where a shared module-scoped variable is overwritten during concurrent PDF generation, causing JavaScript payloads and embedded data intended for one user to be included in another user's generated PDF. This cross-user data leakage primarily affects server-side Node.js deployments handling simultaneous requests, allowing attackers to access sensitive information leaked across user sessions. Public exploit code exists for this vulnerability.

Node.js Race Condition Jspdf Red Hat
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-0924 HIGH This Week

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.

Race Condition Privilege Escalation Buhocleaner
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-23004 HIGH PATCH This Week

A race condition in Linux kernel routing code allows local authenticated attackers to cause a denial of service by triggering a kernel crash through unsynchronized list operations in rt6_uncached_list_del() and rt_del_uncached_list(). The vulnerability occurs when concurrent CPU operations on list data structures result in use-after-free conditions during list initialization. No patch is currently available for this medium-severity issue.

Linux Denial Of Service Google Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22995 HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22986 MEDIUM PATCH This Month

A race condition in the Linux kernel's gpiolib subsystem allows local attackers with privileges to cause a kernel crash by exploiting unprotected access to uninitialized SRCU synchronization structures during concurrent gpiochip driver initialization. An attacker can trigger this vulnerability by causing multiple drivers to call gpiochip_add_data_with_key() simultaneously, resulting in a kernel page fault and denial of service.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-67124 Cargo MEDIUM POC PATCH This Month

Miniserve versions up to 0.32.0 is affected by improper link resolution before file access (CVSS 6.8).

Race Condition Miniserve
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-15349 HIGH This Week

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]

RCE Race Condition Shockline
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2026-23988 HIGH POC PATCH This Week

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Race Condition Rufus
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, and Tahoe 26.3 and earlier contain a race condition in state handling that allows local applications to escalate privileges to root. The vulnerability stems from improper synchronization during critical operations, enabling an attacker with local access to exploit the timing window and gain elevated system privileges. Patches have been released for affected macOS versions.

Apple Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

N2WS Backup & Recovery before version 4.4.0 contains a remote code execution vulnerability in its RESTful API that requires a two-step attack chain to exploit. An unauthenticated attacker can execute arbitrary code on affected systems, potentially compromising backup and disaster recovery infrastructure. This vulnerability affects the N2WS product line and should be treated as critical given the RCE classification and the security-sensitive nature of backup systems.

RCE Race Condition
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

NVIDIA Triton Inference Server contains a race condition vulnerability (CWE-362) that allows unauthenticated remote attackers to corrupt internal server state, resulting in a denial of service. The vulnerability affects NVIDIA Triton Inference Server across multiple versions and can be exploited over the network with low attack complexity requiring no privileges or user interaction. With a CVSS score of 7.5 (High) and an EPSS score not provided, this represents a significant availability risk for organizations running AI/ML inference workloads.

Denial Of Service Nvidia Race Condition
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

NVIDIA Triton Inference Server's Sagemaker HTTP server contains a race condition vulnerability that allows unauthenticated remote attackers to trigger an exception, resulting in denial of service. The vulnerability affects NVIDIA Triton Inference Server deployments using the Sagemaker HTTP server component and can be exploited over the network without authentication or user interaction. There is no indication of active exploitation (not in CISA KEV), and EPSS data was not provided, but the CVSS score of 7.5 (High) reflects the ease of exploitation.

Denial Of Service Nvidia Race Condition
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Mozilla Firefox's WebRender graphics component contains a race condition and use-after-free vulnerability that enables remote code execution when a user visits a malicious webpage. The flaw affects Firefox versions prior to 149, Firefox ESR versions before 115.34 and 140.9, and requires user interaction to trigger. No patch is currently available for this high-severity issue.

Mozilla Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Citrix NetScaler ADC and Gateway instances configured for SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual servers are vulnerable to a race condition that enables authenticated attackers to hijack other users' sessions. An attacker with valid credentials can exploit timing-dependent conditions to cause session mixup between concurrent users, potentially gaining unauthorized access to sensitive resources or impersonating other authenticated users. No patch is currently available for this high-severity vulnerability.

Citrix Race Condition Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Node.js applications using Effect library versions 3.19.15 and earlier with @effect/rpc 0.72.1 and @effect/platform 0.94.2 are vulnerable to context confusion due to improper AsyncLocalStorage handling in the MixedScheduler, allowing attackers to access sensitive data from other concurrent requests through race conditions. An attacker can exploit the batching mechanism to read or modify context belonging to different requests processed in the same microtask cycle, potentially leading to data leakage between users in multi-tenant environments. No patch is currently available.

Node.js Race Condition Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A race condition exists in the Linux kernel's perf subsystem where __perf_event_overflow() can execute with only preemption disabled (rather than IRQs disabled) on software events, creating a window for concurrent execution with perf_event_exit_event() and related cleanup functions. This race condition allows the overflow handler to access kernel structures (such as BPF programs) that are being freed concurrently, potentially leading to use-after-free conditions, memory corruption, or privilege escalation. The vulnerability affects multiple stable Linux kernel versions and has patches available across multiple kernel branches (6.12.77, 6.19.7, 7.0-rc2, and others as indicated by the git commit references).

Linux Buffer Overflow Race Condition
NVD VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers.

Information Disclosure Race Condition Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Devise's Confirmable module with the reconfirmable option enabled contains a race condition that allows attackers to confirm email addresses they don't control by sending concurrent email change requests. By exploiting the desynchronization between the confirmation token and unconfirmed email fields, an attacker can redirect a victim's email confirmation to their own account. This affects all Devise applications using the default Confirmable configuration with email changes, and is patched in Devise v5.0.3.

Race Condition Information Disclosure Red Hat +1
NVD VulDB GitHub
EPSS 0%
MEDIUM PATCH This Month

SandboxJS 0.8.34 contains a race condition where a shared global tick state allows concurrent sandboxes to interfere with each other's execution quotas during timer callback compilation. An attacker in a multi-tenant environment can exploit this to bypass resource limits and exhaust CPU/memory on the host system. A patch is available.

Race Condition Denial Of Service Node.js
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

TeraWallet for WooCommerce versions up to 1.5.15 contain a race condition in concurrent transaction handling that allows authenticated attackers to manipulate wallet integrity and perform unauthorized financial operations. An attacker with user-level access can exploit improper synchronization during simultaneous requests to bypass transaction controls and modify account balances. No patch is currently available for this vulnerability.

WordPress Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

### Impact Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy. Deployments that configure multiple OAuth2 providers via the `oauth2: true` flag are affected. ### Patches The fix ensures that a new adapter instance is created for each provider instead of reusing the singleton, so each provider's configuration is isolated. ### Workarounds There is no known workaround. If only a single OAuth2 provider is configured, the race condition cannot occur. ### References - GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892 - Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11 - Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.37

Node.js Race Condition Information Disclosure +1
NVD GitHub VulDB
EPSS 0%
PATCH Monitor

### Summary Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. ### Details #### R1 - Dangling Symlink Component Bypass - What happens: Path validation can miss dangling symlink components during traversal checks. - Why it matters: A symlink that is unresolved at validation time can later resolve to an external location. - Impact: Read and write operations may escape workspace boundaries. - Affected area: src/security/path.rs (check_symlink_escape). #### R2 - TOCTOU Between Validation and Use - What happens: The path is validated first, then used later for filesystem operations. - Why it matters: A concurrent filesystem change can swap path components after validation but before open/write. - Impact: Race-based workspace escape is possible. - Affected area: Filesystem and file-consuming tools that call validate_path_in_workspace before I/O. #### R3 - Hardlink Alias Bypass - What happens: A file inside workspace can be a hardlink to an inode outside the intended workspace trust boundary. - Why it matters: Prefix and symlink checks can pass while data access still mutates or reads external content. - Impact: Policy bypass for read/write operations. - Affected area: Any tool that reads or writes via validated paths. #### Risk Matrix | ID | Risk | Severity | Likelihood | Impact | |---|---|---|---|---| | R1 | Dangling symlink component bypass | High | Medium | Workspace boundary escape for read/write | | R2 | Validate/use TOCTOU race | High | Medium | Race-based boundary escape during file I/O | | R3 | Hardlink alias bypass | Medium | Low-Medium | External inode read/write through in-workspace path | ### PoC #### R1 - Dangling symlink component bypass 1. Create a symlink inside workspace pointing to a missing target. 2. Validate a path traversing that symlink. 3. Create the target directory outside workspace after validation. 4. Perform file operation and observe potential boundary escape if not fail-closed. #### R2 - TOCTOU between validation and use 1. Validate a candidate in-workspace path. 2. Before open/write, replace an intermediate component with a link to external location. 3. Continue with the file operation. 4. Observe boundary escape if operation trusts only stale validation result. #### R3 - Hardlink alias bypass 1. Place a hardlink inside workspace that points to an external inode. 2. Validate the in-workspace hardlink path. 3. Read or write through this path. 4. Observe external inode access through a path that appears in-scope. ### Impacts Unauthorized cross path boundary ## Credit [@zpbrent](https://github.com/zpbrent) ### Patch [f50c17e11ae3e2d40c96730abac41974ef2ee2a8](https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8)

Path Traversal Race Condition
NVD GitHub
EPSS 0%
Monitor

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.

Information Disclosure Race Condition
NVD VulDB
EPSS 0%
Monitor

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation Race Condition
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission.

Race Condition Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Sylius eCommerce Framework is vulnerable to a race condition in promotion and coupon usage limit enforcement, where concurrent requests can bypass redemption restrictions by exploiting a gap between eligibility validation and usage increment operations. An unauthenticated attacker can exploit this TOCTOU vulnerability to redeem promotions or coupons beyond their configured usage limits, potentially causing financial loss through unintended discounts. No patch is currently available.

Race Condition Sylius
NVD GitHub VulDB
EPSS 0% CVSS 2.9
LOW Monitor

In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 2.9 LOW]

Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Local privilege escalation on Android devices occurs through a race condition in the VPU driver's instance opening function, allowing attackers to trigger a use-after-free condition without requiring special privileges or user interaction. An unprivileged local attacker can exploit this vulnerability to gain elevated system privileges. No patch is currently available for this vulnerability.

Use After Free Privilege Escalation Race Condition +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.

Race Condition Microsoft Authentication Bypass +8
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.

Race Condition Microsoft Information Disclosure +15
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.

Race Condition Microsoft Information Disclosure +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.

Race Condition Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Microsoft Industrial Race Condition +10
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Privilege escalation in CODESYS Development System installer exploits a time-of-check-time-of-use (TOCTOU) race condition, allowing a low-privileged local attacker to gain elevated rights when a legitimate user initiates a system update or installation. An attacker with local access can manipulate files during the installation process window to execute arbitrary code with elevated privileges. No patch is currently available, and the vulnerability requires user interaction but poses significant risk to system integrity and confidentiality.

Race Condition
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. [CVSS 7.8 HIGH]

Race Condition App Auto Patch
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

File upload bypass in FreeScout 1.8.206 — patch bypass for CVE-2026-27636. PoC and patch available. CVSS 10.0.

PHP Laravel RCE +2
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]

Golang Django Race Condition
NVD VulDB HeroDevs
EPSS 0% CVSS 2.5
LOW Monitor

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]

Race Condition
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 3.6
LOW Monitor

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. [CVSS 3.6 LOW]

Race Condition Information Disclosure C1 Pro Firmware
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).

Denial Of Service Race Condition Android +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Firefox and Thunderbird versions below 148 contain a race condition in the JavaScript garbage collection component that could allow an attacker to access or modify limited data through specially crafted content requiring user interaction. The vulnerability has a CVSS score of 4.2 and currently lacks an available patch.

Race Condition Mozilla Information Disclosure
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.

Privilege Escalation Race Condition Craft Cms
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.

DNS SSRF Race Condition +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

OpenShift versions 1.1.2-alpha and below suffer from a race condition in local JSON persistence that allows authenticated local users to corrupt data stores or cause loss of updates across sessions, study materials, quizzes, and authentication records. The vulnerability stems from non-atomic and insufficiently synchronized file operations that can be exploited through concurrent access to the application's local storage. No patch is currently available.

Race Condition AI / ML Opensift
NVD GitHub
EPSS 42% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The Tegra210-QSPI driver in the Linux kernel is vulnerable to a race condition where an unprotected NULL pointer check in the interrupt handler can be exploited by a local attacker with low privileges to cause a denial of service through kernel panic. The vulnerability occurs when the timeout path clears the curr_xfer pointer while the ISR thread is simultaneously accessing it, resulting in a NULL dereference. A patch is available to resolve this issue by properly synchronizing access with spinlock protection.

Linux Denial Of Service Race Condition +2
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents.

Linux Race Condition Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A race condition in the Linux kernel's MPTCP address management function allows local attackers with user-level privileges to cause a denial of service through kernel crashes via improper list manipulation without RCU synchronization. The vulnerability exists in mptcp_pm_nl_flush_addrs_doit() where list_splice_init() is called while holding a spinlock, creating unsafe concurrent access conditions. Currently, no patch is available for this medium-severity vulnerability.

Linux Denial Of Service Race Condition +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.

Linux Race Condition Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A race condition in Linux kernel shmem swap entry handling allows local attackers with user privileges to cause denial of service through memory corruption when swap entries are truncated concurrently with other operations. The vulnerability stems from an unprotected order lookup that can become stale before the actual swap entry removal, potentially causing truncation to erase data beyond intended boundaries. No patch is currently available.

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.

Linux Race Condition Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.

Linux Debian Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.

Linux Race Condition Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.

Qualcomm Denial Of Service Race Condition +4
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549 [CVSS 3.1 LOW]

Race Condition Mattermost Server
NVD
EPSS 0%
Monitor

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Race condition in Apple macOS/iOS symlink handling allows privilege escalation. Fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5.

Apple Race Condition Authentication Bypass
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.

Apple Race Condition Information Disclosure
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. [CVSS 8.1 HIGH]

Race Condition
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Rocm contains a vulnerability that allows attackers to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as t (CVSS 7.8).

Race Condition Radeon Vii Firmware Radeon Software +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Rocm contains a vulnerability that allows attackers to corrupt memory resulting in loss of integrity, confidentiality, or availability (CVSS 7.8).

Race Condition Rocm Radeon Pro Vii Firmware +2
NVD
EPSS 0%
Monitor

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.

Race Condition
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary PHP code execution in ClipBucket v5 prior to 5.5.3-#40 through a race condition in file upload validation, where files are moved to a web-accessible directory before security checks are performed. An authenticated attacker can exploit the time window between file placement and validation deletion to execute malicious PHP code on the server. Public exploit code exists for this vulnerability.

PHP Race Condition Clipbucket
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.

Github Race Condition AI / ML +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 10 21h2 +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.

Linux Windows Race Condition +9
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Race Condition Windows Server 2022 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Linux Windows Race Condition +14
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. [CVSS 5.3 MEDIUM]

Denial Of Service Race Condition
NVD VulDB
EPSS 0% CVSS 7.9
HIGH This Week

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 7.9 HIGH]

Privilege Escalation Race Condition
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. [CVSS 7.1 HIGH]

Race Condition Information Disclosure Mcp Typescript Sdk
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's SCSI error handling mechanism can prevent the error handler from being properly awakened when concurrent command completions occur, causing I/O operations to hang indefinitely. A local attacker with low privileges can trigger this condition through timing-sensitive operations to cause a denial of service. No patch is currently available for this vulnerability.

Linux Race Condition Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.

Linux Race Condition Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

BIG-IP Advanced WAF and ASM experience denial of service when processing specific requests under certain conditions, causing the bd process to terminate and disrupting security policy enforcement. An unauthenticated remote attacker can trigger this crash without user interaction, though exploitation requires specific timing and environmental factors. No patch is currently available for affected versions.

Race Condition Big Ip Application Security Manager Big Ip Advanced Web Application Firewall
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition +1
NVD
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

jsPDF versions prior to 4.1.0 contain a race condition in the addJS method where a shared module-scoped variable is overwritten during concurrent PDF generation, causing JavaScript payloads and embedded data intended for one user to be included in another user's generated PDF. This cross-user data leakage primarily affects server-side Node.js deployments handling simultaneous requests, allowing attackers to access sensitive information leaked across user sessions. Public exploit code exists for this vulnerability.

Node.js Race Condition Jspdf +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.

Race Condition Privilege Escalation Buhocleaner
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A race condition in Linux kernel routing code allows local authenticated attackers to cause a denial of service by triggering a kernel crash through unsynchronized list operations in rt6_uncached_list_del() and rt_del_uncached_list(). The vulnerability occurs when concurrent CPU operations on list data structures result in use-after-free conditions during list initialization. No patch is currently available for this medium-severity issue.

Linux Denial Of Service Google +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's gpiolib subsystem allows local attackers with privileges to cause a kernel crash by exploiting unprotected access to uninitialized SRCU synchronization structures during concurrent gpiochip driver initialization. An attacker can trigger this vulnerability by causing multiple drivers to call gpiochip_add_data_with_key() simultaneously, resulting in a kernel page fault and denial of service.

Linux Denial Of Service Race Condition
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Miniserve versions up to 0.32.0 is affected by improper link resolution before file access (CVSS 6.8).

Race Condition Miniserve
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]

RCE Race Condition Shockline
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Race Condition Rufus
NVD GitHub
Prev Page 4 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy