Cyber Posture

CVE-2026-44469

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 26 May 2026

Published
26 May 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-44469 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-1 Policy and Procedures
addresses: CWE-276

Access control policy can specify and enforce secure default permissions for resources.

AC-6 Least Privilege
addresses: CWE-276

Guides setting of default permissions to the minimum required level.

CM-1 Policy and Procedures
addresses: CWE-276

Establishes requirements for appropriate default permissions on system resources as part of configuration management.

CM-2 Baseline Configuration
addresses: CWE-276

Baseline establishment and updates on install/upgrade ensure correct default permissions rather than insecure ones.

CM-6 Configuration Settings
addresses: CWE-276

Requiring the most restrictive settings instead of defaults prevents incorrect default permissions on resources.

CM-9 Configuration Management Plan
addresses: CWE-276

Requires documented processes that include setting and maintaining correct default permissions for configuration items.

PE-1 Policy and Procedures
addresses: CWE-276

Requires addressing secure default permissions in physical and environmental protection controls.

PL-11 Baseline Tailoring
addresses: CWE-276

Tailoring explicitly overrides or scopes default permission assignments in the baseline to match the system's actual risk and operational needs.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1574.005 Executable Installer File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by an installer.
attack.mitre.org →
Why these techniques?

Weak installer temp dir permissions + TOCTOU directly enables file replacement for local privilege escalation (T1068) via executable installer file permissions weakness (T1574.005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before…

more

installation, resulting in local privilege escalation.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-276
OWASP Top 10 Web 2025
A01:2025

Affected Products

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

EU & UK References

References