CVE-2026-41702 – TOCTOU local privilege escalation vulnerability

CVE ID :CVE-2026-41702

Published : May 15, 2026, 7:16 a.m. | 41 minutes ago

Description :VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…