CVE-2026-44468 HIGH

CVE-2026-44468: Incorrect Default Permissions in CODESYS Development System

Vendor Codesys
Product CODESYS Development System
Weakness CWE-276
Published May 26, 2026
Last update May 26, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.

Key dates

02Disclosure timeline

May 26, 2026 CVE published
May 26, 2026 Record updated