TOCTOU Vulnerability in CODESYS Development System by CODESYS Group
CVE-2026-2364

7.3HIGH

Key Information:

Vendor: Codesys
Status: Codesys Installer
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-2364?

A TOCTOU vulnerability exists in the CODESYS Development System installer, allowing a low privileged local attacker to exploit the timing of events. If a legitimate user confirms a self-update prompt or initiates an installation, the attacker can gain elevated rights, leading to potential unauthorized access and manipulation of system settings.

Affected Version(s)

CODESYS Installer 0.0.0 < 2.6.1.0

References

https://certvde.com/de/advisories/VDE-2026-012

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 11, 2026

Credit

David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG

CVE-2026-2364 Data

JSON

Codesys

What is CVE-2026-2364?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit