CVE-2026-30332

HIGH

Balena Etcher for Windows <2.1.4 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-30332. PoCs published by B1tBreaker.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-30332, a TOCTOU vulnerability in Balena Etcher for Windows. The exploit monitors the temporary directory for a .cmd file created by Etcher and replaces it with a malicious payload to escalate privileges to high integrity.

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

Exploits (1)

nomisec WORKING POC
by B1tBreaker · poc
https://github.com/B1tBreaker/CVE-2026-30332


Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: Balena Etcher for Windows < 2.1.4
Authentication: No auth needed
Prerequisites: Balena Etcher for Windows < 2.1.4 installed · User context with medium integrity · Ability to monitor the temp directory
Analyzed by: devstral-2 · May 03, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0017
EPSS Percentile: 6.5%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-367
Status: published
Published: Apr 02, 2026
Tracked Since: Apr 02, 2026