Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-367

CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367

CVE-2026-31678 HIGH

openvswitch: defer tunnel netdev_put to RCU release

CVE-2026-31535 MEDIUM

smb: client: make use of smbdirect_socket.recv_io.credits.available

CVE-2026-41360 MEDIUM

OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding

CVE-2026-41338 MEDIUM

OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

CVE-2026-41337 MEDIUM

OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay

CVE-2026-35376 MEDIUM

uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition

CVE-2026-35374 MEDIUM

uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition

CVE-2026-35364 MEDIUM

uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition

CVE-2026-35362 LOW

uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module

CVE-2026-35360 MEDIUM

uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition

CVE-2026-35359 MEDIUM

uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap

CVE-2026-35357 MEDIUM

uutils coreutils cp Information Disclosure via Permission Handling Race

CVE-2026-35356 MEDIUM

uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

CVE-2026-35355 MEDIUM

uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race

CVE-2026-35354 MEDIUM

uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device

CVE-2026-35353 LOW

uutils coreutils mkdir Permission Exposure Race Condition with -m

CVE-2026-35352 HIGH

uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition

CVE-2026-35345 MEDIUM

uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race

CVE-2026-41651 HIGH

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

CVE-2026-31523 MEDIUM

nvme-pci: ensure we're polling a polled queue

CVE-2026-22751 MEDIUM

Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

CVE-2026-41296 HIGH

OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

CVE-2026-40896 MEDIUM

OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

CVE-2026-5958 LOW

GNU sed --follow-symlinks - TOCTOU Arbitrary File Overwrite

CVE-2026-3428 MEDIUM

ASUS Member Center < 1.6.6.4 - Privilege Escalation via Time-of-check Time-of-use Race Condition

Previous Page 3 of 26 Next

Details

Vulnerabilities 649

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy