CVE-2026-44468
published 2026-05-26CVE-2026-44468: The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to…
high8.5CVSS 4.0
AVLACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys_development_system | >= 3.0.0.0 < 3.5.22.20 | 3.5.22.20 |
| codesys | development_system | < 3.5.22.20 | 3.5.22.20 |