CVE-2026-44469
Published 2026-05-26
Severity: high, 8.5 (CVSS 4.0)
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys_development_system | >= 3.0.0.0 < 3.5.22.20 | 3.5.22.20 |
| codesys | development_system | < 3.5.22.20 | 3.5.22.20 |