CVE-2026-44469— Incorrect Default Permissions in CODESYS Development System
Possible ATT&CK Techniques 3AI
T1068 · Exploitation for Privilege Escalation T1134 · Access Token Manipulation T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44469
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect Default Permissions in CODESYS Development System
Source: NVD (National Vulnerability Database)
Vulnerability Description
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CODESYS | CODESYS Development System | 3.0.0.0 ~ 3.5.22.20 | - |
II. Public POCs for CVE-2026-44469
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44469
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44469 (1)
Same Patch Batch · CODESYS · 2026-05-26 · 4 CVEs total
| CVE-2026-8046 | 8.1 HIGH | Incorrect Authorization in CODESYS Control |
| CVE-2026-44468 | 7.8 HIGH | Incorrect Default Permissions in CODESYS Development System |
| CVE-2026-8047 | 7.5 HIGH | Out-of-bounds Write in CODESYS Control |
IV. Related Vulnerabilities
Same product: CODESYS Development System
- CVE-2026-44468
Incorrect Default Permissions in CODESYS Development System - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da - CVE-2023-3669
CODESYS: Missing Brute-Force protection in CODESYS Developme - CVE-2023-3662
CODESYS: Vulnerability in CODESYS Development System allows - CVE-2023-3663
CODESYS: Missing integrity check in CODESYS Development Syst
Same vendor: CODESYS
- CVE-2026-8047
Out-of-bounds Write in CODESYS Control - CVE-2026-8046
Incorrect Authorization in CODESYS Control - CVE-2026-44468
Incorrect Default Permissions in CODESYS Development System - CVE-2026-0393
CODESYS Visualization - Insufficiently Protected Credentials - CVE-2026-35227
Improper resource management in CODESYS Modbus TCP Server
Same weakness: CWE-276
- CVE-2026-44468
Incorrect Default Permissions in CODESYS Development System - CVE-2018-25359
Splinterware System Scheduler Pro 5.12 Privilege Escalation - CVE-2025-32749
Dell PowerFlex Manager <=4.6.2 信息泄露漏洞 - CVE-2026-8487
Incorrect default permissions vulnerability in Progress Soft - CVE-2026-47107
Windmill < 1.703.2 Incorrect Default Permissions in nsjail C
V. Comments for CVE-2026-44469
No comments yet