CVE-2026-2364

HIGH 7.3

CODESYS Installer TOCTOU Privilege Escalation

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

CWE	CWE-367
Vendor	codesys
Product	codesys installer
Published	Mar 10, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for codesys codesys installer

Be the first to know when new high vulnerabilities affecting codesys codesys installer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

CODESYS / CODESYS Installer

0.0.0 < 2.6.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

certvde.com: https://certvde.com/de/advisories/VDE-2026-012

Credits

David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG