CVE-2026-30332

Publication date

2026-04-02 00:00:00

Family

mitre

State

PUBLISHED

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.