CVE-2026-13742: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in Honeywell Technologies IQ MultiAccess
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating to the most recent version of this product, service, or offering [V27 SP1, V28 SP1]
AI Analysis
Technical Summary
CVE-2026-13742 describes a CWE-367 TOCTOU race condition in Honeywell IQ MultiAccess affecting all versions up to and including version 28. The vulnerability stems from improper digital signature verification during file download processes, enabling an attacker with low privileges to potentially substitute a legitimate file with a malicious one. The CVSS 4.0 base score is 5.9 (medium severity), reflecting local attack vector, low complexity, partial attacker's privileges, no user interaction, and high impact on integrity and availability. Honeywell recommends updating to versions V27 SP1 or V28 SP1, indicating these versions contain fixes or mitigations.
Potential Impact
An attacker with low privileges on the affected system could exploit this vulnerability to replace a downloaded file with a malicious version, potentially compromising the integrity and availability of the system or application. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Honeywell recommends updating IQ MultiAccess to the most recent versions, specifically V27 SP1 or V28 SP1, which presumably contain fixes or mitigations for this vulnerability. No official patch or advisory link is provided, so users should consult Honeywell's official resources for the latest updates and confirm remediation status. Patch status is not yet confirmed explicitly; check the vendor advisory for current remediation guidance.
CVE-2026-13742: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in Honeywell Technologies IQ MultiAccess
Description
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating to the most recent version of this product, service, or offering [V27 SP1, V28 SP1]
CVSS v4.0
Score 5.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-13742 describes a CWE-367 TOCTOU race condition in Honeywell IQ MultiAccess affecting all versions up to and including version 28. The vulnerability stems from improper digital signature verification during file download processes, enabling an attacker with low privileges to potentially substitute a legitimate file with a malicious one. The CVSS 4.0 base score is 5.9 (medium severity), reflecting local attack vector, low complexity, partial attacker's privileges, no user interaction, and high impact on integrity and availability. Honeywell recommends updating to versions V27 SP1 or V28 SP1, indicating these versions contain fixes or mitigations.
Potential Impact
An attacker with low privileges on the affected system could exploit this vulnerability to replace a downloaded file with a malicious version, potentially compromising the integrity and availability of the system or application. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Honeywell recommends updating IQ MultiAccess to the most recent versions, specifically V27 SP1 or V28 SP1, which presumably contain fixes or mitigations for this vulnerability. No official patch or advisory link is provided, so users should consult Honeywell's official resources for the latest updates and confirm remediation status. Patch status is not yet confirmed explicitly; check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Honeywell
- Date Reserved
- 2026-06-29T15:10:48.921Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a429b9427e9c7971920c069
Added to database: 06/29/2026, 16:21:40 UTC
Last enriched: 06/29/2026, 16:36:59 UTC
Last updated: 06/29/2026, 23:14:06 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.