Local Privilege Escalation Vulnerability in Affected Product by Vendor
CVE-2026-44469

8.5HIGH

Key Information:

Vendor: Codesys
Status: Codesys Development System
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-44469?

The affected product improperly manages the permissions of files extracted to a temporary directory during administrative installation. This flaw allows a low-privileged local attacker to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition. By doing so, the attacker can replace legitimate files with malicious versions within a narrow window of time before installation, potentially leading to local privilege escalation.

Affected Version(s)

CODESYS Development System 3.0.0.0 < 3.5.22.20

References

https://www.certvde.com/en/advisories/VDE-2026-055/

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 6, 2026

Credit

David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG

CVE-2026-44469 Data

JSON

Codesys

What is CVE-2026-44469?

Affected Version(s)

References

CVSS V4

Timeline

Credit