CWE · MITRE source
CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
AU-8 | Time Stamps | AU | Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-30088 KEV | 8.8 | 7.0 | 0.8938 | 2024-06-11 |
CVE-2024-50379 | 7.1 | 9.8 | 0.8498 | 2024-12-17 |
CVE-2023-38146 | 6.9 | 8.8 | 0.8646 | 2023-09-12 |
CVE-2025-22224 KEV | 6.7 | 9.3 | 0.4730 | 2025-03-04 |
CVE-2022-3590 | 6.6 | 5.9 | 0.9076 | 2022-12-14 |
CVE-2020-1337 | 4.9 | 7.8 | 0.5531 | 2020-08-17 |
CVE-2004-0594 | 4.7 | 0.0 | 0.7773 | 2004-07-27 |
CVE-2023-35311 KEV | 3.8 | 8.8 | 0.0047 | 2023-07-11 |
CVE-2025-38352 KEV | 3.5 | 7.4 | 0.0010 | 2025-07-22 |
CVE-2022-48618 KEV | 3.4 | 7.0 | 0.0017 | 2024-01-09 |
CVE-2003-0813 | 3.2 | 0.0 | 0.5344 | 2003-11-17 |
CVE-2019-0836 | 3.0 | 7.8 | 0.2482 | 2019-04-09 |
CVE-2024-26218 | 2.9 | 7.8 | 0.2189 | 2024-04-09 |
CVE-2024-56337 | 2.6 | 9.8 | 0.1017 | 2024-12-20 |
CVE-2021-32708 | 2.4 | 9.8 | 0.0733 | 2021-06-24 |
CVE-2024-48322 | 2.4 | 8.1 | 0.1364 | 2024-11-11 |
CVE-2021-42835 | 2.3 | 7.0 | 0.1420 | 2021-12-08 |
CVE-2022-36980 | 2.3 | 8.1 | 0.1181 | 2023-03-29 |
CVE-2019-7249 | 2.0 | 9.8 | 0.0147 | 2019-01-31 |
CVE-2019-5421 | 2.0 | 9.8 | 0.0023 | 2019-04-03 |
CVE-2024-28718 | 2.0 | 9.8 | 0.0118 | 2024-04-12 |
CVE-2024-27114 | 2.0 | 9.8 | 0.0106 | 2024-09-11 |
CVE-2024-0132 | 2.0 | 9.0 | 0.0391 | 2024-09-26 |
CVE-2024-41779 | 2.0 | 9.8 | 0.0003 | 2024-11-22 |
CVE-2024-41787 | 2.0 | 9.8 | 0.0002 | 2025-01-10 |