CVE-2026-44469
EUVD-2026-3179726.05.2026, 08:16
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| codesys | development_system | 𝑥 < 3.5.22.20 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration