PT-2026-29795 · Balena · Balena Etcher

B1Tbreaker · Published 2026-04-02 · Updated 2026-04-02 · CVE-2026-30332

CVSS v3.1: 7.5 (High)

Vector: AC:H/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:R

Name of the Vulnerable Software and Affected Versions

Balena Etcher versions prior to 2.1.4

Description

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in Balena Etcher for Windows prior to version 2.1.4. This condition allows attackers to escalate privileges and execute arbitrary code by replacing a legitimate script with a crafted payload during the flashing process.

Recommendations

Update Balena Etcher to version 2.1.4 or later.

Exploit

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

CVE-2026-30332

Affected Products

Balena Etcher