This page lists publicly disclosed CVE vulnerabilities affecting akeo rufus (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-23988 | Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the script to the %TEMP% directory (writeable by standard users) without locking the file, a local attacker can replace the legitimate script with a malicious one between the file write operation and the exe | [email protected] | 7.3 | 0.01% | 2026-01-22 | 2026-02-27 |
| CVE-2019-1010101 | Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379. | [email protected] | 9.8 | 0.34% | 2019-07-19 | 2024-11-21 |
| CVE-2019-1010100 | Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. | [email protected] | 7.8 | 0.39% | 2019-07-19 | 2024-11-21 |
| CVE-2017-13083 | Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | [email protected] | 5.3 | 0.12% | 2017-10-18 | 2026-05-13 |