HIGHCVE-2026-41702Published Modified CNA vmware
CVE-2026-41702: TOCTOU local privilege escalation vulnerability
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 2026H1
- Affected Products
- 1
Fix available
2026H1
Affected packages
- VMware / Fusion< 2026H1 (from 2025H2)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences