CVE-2026-2364
Received Received - Intake
TOCTOU Vulnerability in CODESYS Installer Enables Privilege Escalation

Publication date: 2026-03-10

Last updated on: 2026-03-10

Assigner: CERT VDE

Description
If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2364
EUVD
EUVD-2026-10476
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
codesys installer to 2.6.1.0 (exc)
codesys development_system 3.5.22.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2364 is a privilege escalation vulnerability in the CODESYS Installer caused by a time-of-check to time-of-use (TOCTOU) race condition. This flaw allows a local attacker with limited privileges to replace the verified downloaded setup file before it is executed during the self-update process or when initiating an installation of the CODESYS Development System.

Because the update process runs with administrator privileges, if a legitimate user confirms the self-update prompt or starts the installation, the attacker can execute malicious code with elevated rights.

This vulnerability affects CODESYS Installer versions prior to 2.6.1.0 and requires user interaction to be exploited.

Impact Analysis

This vulnerability can allow a low privileged local attacker to gain administrator-level rights on the affected system.

With elevated privileges, the attacker can execute malicious code, potentially compromising the confidentiality, integrity, and availability of the system.

Exploitation requires that a legitimate user confirms the self-update prompt or initiates the installation, but once exploited, it can lead to significant security breaches.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-2364 vulnerability, update the CODESYS Installer to version 2.6.1.0 or later.

Avoid using the self-update mechanism of the CODESYS Installer by manually downloading the fixed installer from the CODESYS Store.

Alternatively, install CODESYS Development System version 3.5.22.0 or newer, which includes the updated installer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2364. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart