CVE-2026-41702

TOCTOU local privilege escalation vulnerability

CVSS 7.8 HIGHEPSS 0.1%CWE-367

VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

VMware · Fusion

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454