CVE-2026-44469
Incorrect Default Permissions in Software During Admin Installation Enable TOCTOU Race Condition Leading to Local Privilege Escalation
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: CERT VDE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codesys | development_system | up to 3.5.22.20 (exclusive; 3.5.22.20 itself is fixed) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the CODESYS Development System versions prior to 3.5.22.20, where the PackageManager and IPM components create temporary directories with insecure default permissions during administrative installation.
A low-privileged local attacker can exploit a time-of-check to time-of-use (TOCTOU) race condition within a practical time window to replace verified installation files with malicious ones before the installation completes.
This allows the attacker to bypass security boundaries during package installation and escalate their privileges on the local system.
How can this vulnerability impact me?
Exploiting this vulnerability enables a low-privileged local user to escalate their privileges to administrative level by installing arbitrary files with elevated privileges.
This compromises the underlying operating system, potentially allowing the attacker to execute malicious code, gain unauthorized access, and control the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure default permissions on temporary directories created during administrative installation and a TOCTOU race condition exploitable by low-privileged local users. Detection would focus on identifying such insecure temporary directories and monitoring for unauthorized modifications during installation.
Specific commands are not provided in the available resources. However, system administrators can audit the access control lists of the temporary directories the CODESYS Development System uses during installation (looking for write or modify rights granted to all local users) and monitor those directories for file changes while an administrative installation is running.
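As an added example (not from the advisory or from CODESYS), the following PowerShell function audits one directory's ACL for the CWE-276 condition described above: an Allow entry that grants write-capable rights to a broad principal such as Everyone or BUILTIN\Users. The directory path is an assumption; substitute the temporary directory your installation actually uses.

```powershell
# Added example, not part of the advisory. Reports ACL entries on $Path that
# let any local user add, replace or rename files, which is the precondition
# for the installer-time race described in the advisory. The path passed in
# is a placeholder; it is not a path taken from CODESYS documentation.
function Test-BroadWriteAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    # Principals that effectively mean "every interactive user" on a Windows host.
    $broadPrincipals = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE'
    )
    # Rights that allow creating/replacing files in the directory, or that allow
    # the holder to change the ACL or owner and grant themselves such rights.
    $writeRights = [System.Security.AccessControl.FileSystemRights] (
        'Write, Modify, FullControl, CreateFiles, AppendData, Delete, ' +
        'DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

    $acl = Get-Acl -LiteralPath $Path
    $findings = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$writeRights) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited from a parent vs. set on this directory
        }
    }
    if (-not $findings) { Write-Verbose "No broad write access found on $Path" }
    $findings
}

# Usage (placeholder path): any output row is a directory that low-privileged
# users can write to and that should not be used for privileged installation.
# Test-BroadWriteAccess -Path 'C:\PLACEHOLDER\InstallerTemp' | Format-Table -AutoSize
```

Entries marked Inherited = True usually come from the parent folder's default ACL, which is the typical way a temporary directory ends up writable by all users.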
What immediate steps should I take to mitigate this vulnerability?
The vendor has released version 3.5.22.20 of the CODESYS Development System to address this vulnerability.
Immediate mitigation steps include updating the affected software to version 3.5.22.20 or later to ensure that temporary directories are created with secure permissions and the TOCTOU race condition is fixed.
Additionally, restrict local user permissions to prevent exploitation by low-privileged users and monitor installation processes for suspicious activity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows low-privileged local attackers to escalate privileges by exploiting insecure temporary directory permissions and a TOCTOU race condition during installation. This can lead to the installation of arbitrary files with elevated privileges, potentially compromising the underlying operating system.
Such a compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over system integrity, access controls, and protection of sensitive data. Unauthorized privilege escalation and system compromise may lead to unauthorized access to protected data, violating these regulatory requirements.