PT-2026-40932 · VMware · VMware Fusion
Published: 2026-05-14 · Updated: 2026-05-19 · CVE-2026-41702
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Fusion versions prior to 26H1
Description
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) race condition that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this issue to escalate privileges to root on the system where the software is installed.
Recommendations
Update VMware Fusion to version 26H1.
Fix
LPE
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
VMware Fusion