TOCTOU, or Time-of-Check to Time-of-Use, is a race condition vulnerability in which a system checks a resource (such as a file or variable) for a certain state, but the state changes before the resource is actually used. This window of opportunity allows attackers to exploit the gap between the check and the use, potentially bypassing security controls or gaining unauthorized access. TOCTOU bugs are common in multi-threaded or multi-process environments, especially in file system operations, and can lead to privilege escalation or data corruption if not properly mitigated.