CVE-2026-44469 – Incorrect Default Permissions in CODESYS Development System

CVE ID :CVE-2026-44469

Published : May 26, 2026, 6:39 a.m. | 1 hour, 18 minutes ago

Description :The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…