HIGH SeverityCVSS 3.17.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-41702

Last updated May 15, 2026 · Published May 15, 2026

Description

VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.

Affected products

1 listed

VMware:Fusion

Mappings

CWE

CWE-367

CAPEC

None listed.

Training

API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.
Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.

CVE-2026-41702

Description

Affected products

Mappings

Related