CVE-2026-30332 Payload — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.5 (HIGH)
Vendor	Payload
Public PoC	No

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

References 3

https://github.com/B1tBreaker/CVE-2026-30332

cve@mitre.org

https://github.com/balena-io/etcher/issues/4500

cve@mitre.org

https://www.balena.io/security

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33533

Payload

7.1

CVE-2026-30867

Payload

5.7

CVE-2026-34569

Payload

9.9

CVE-2026-34568

Payload

9.1

CVE-2026-34567

Payload

9.1

Menu

CVE-2026-30332

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 3

Related Vulnerabilities

CVE-2026-33533

CVE-2026-30867

CVE-2026-34569

CVE-2026-34568

CVE-2026-34567

CVE Details

Editor's Choice

Menu

CVE-2026-30332

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 3

Related Vulnerabilities

CVE-2026-33533

CVE-2026-30867

CVE-2026-34569

CVE-2026-34568

CVE-2026-34567

CVE Details

Editor's Choice

Stay informed on cybersecurity