CVE-2026-23988
CVE-2026-23988 affects Rufus 4.11 and earlier. A TOCTOU race in the Fido PowerShell script handling (in src/net.c) occurs while the script is created, validated, and executed. Rufus runs with Administrator privileges but writes the script to %TEMP% (writable by standard users) without proper lock...