VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
| Advisory ID: | VMSA-2026-0003 |
| Advisory Severity: | Important |
| CVSSv3 Range: | 7.8 |
| Synopsis: | VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702) |
| Issue date: | 2026-05-14 |
| Updated on: | 2026-05-14 (Initial Advisory) |
| CVE(s): | CVE-2026-41702 |
1. Impacted Products
- VMware Fusion
2. Introduction
A local privilege escalation vulnerability in VMware Fusion was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products.
3. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2026-41702)
Description:
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A malicious actor with local, non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed. No user interaction is required: the attack is local, low-complexity and low-privilege (CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, linked under References).
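The advisory names the bug class but, as usual, not the affected code. The following C program is an added illustration of that class (check-then-use on a filesystem path inside a setuid helper) and of the open-then-validate pattern that removes it; it is not Fusion's code and makes no claim about how CVE-2026-41702 works internally. All names are hypothetical, the files are constructed in a private temp directory so the program runs unprivileged, and the `swap_for_symlink` hook stands in for a local user winning the race between the helper's check and its use.

```c
/* TOCTOU in a setuid helper: check-then-use versus open-then-validate.
 * Added illustration of the bug class named in VMSA-2026-0003, not the
 * Fusion code (the advisory does not disclose it). Hypothetical names. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*race_hook)(void *ctx);

/* Vulnerable pattern. access() answers for the real uid at time of check,
 * then open() resolves the same path again at time of use. A user who
 * controls a directory on the path can swap the file for a symlink in the
 * window, and the setuid helper opens the link target with its privileges. */
int open_checked_then_used(const char *path, race_hook attacker, void *ctx)
{
    if (access(path, R_OK) != 0)           /* time of check */
        return -1;
    if (attacker) attacker(ctx);           /* race window: attacker acts here */
    return open(path, O_RDONLY);           /* time of use: follows symlinks */
}

/* Hardened pattern. Never reason about the path twice: drop to the real uid
 * so the kernel enforces permissions at time of use, refuse to follow a final
 * symlink, then validate the descriptor actually held (fstat on an fd cannot
 * be raced) and require a regular file owned by the unprivileged caller. */
int open_then_validate(const char *path)
{
    uid_t real = getuid(), saved = geteuid();
    if (seteuid(real) != 0)
        return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); /* ELOOP on a symlink */
    int err = errno;
    (void)seteuid(saved);
    if (fd < 0) { errno = err; return -1; }
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != real) {
        close(fd);                         /* directory, device, FIFO, or foreign owner */
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed fixture: "privileged" stands in for a root-owned secret. */
struct fixture { char dir[64], harmless[96], privileged[96], link[96]; };

/* The attacker's move: atomically replace the harmless file with the symlink. */
static void swap_for_symlink(void *ctx)
{
    struct fixture *f = ctx;
    (void)rename(f->link, f->harmless);
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Runs both helpers against the fixture. Returns a bitmask: bit 0 = the
 * vulnerable helper read the "privileged" file, bit 1 = the hardened helper
 * refused the swapped path with ELOOP, bit 2 = the hardened helper still
 * accepts a genuine regular file owned by the caller. Expected: 7. */
int run_demo(void)
{
    struct fixture f;
    strcpy(f.dir, "/tmp/toctou-demo-XXXXXX");
    if (mkdtemp(f.dir) == NULL) return -1;
    snprintf(f.harmless, sizeof f.harmless, "%s/harmless", f.dir);
    snprintf(f.privileged, sizeof f.privileged, "%s/privileged", f.dir);
    snprintf(f.link, sizeof f.link, "%s/link", f.dir);
    int result = 0;
    if (write_file(f.harmless, "harmless\n") == 0 &&
        write_file(f.privileged, "privileged\n") == 0 &&
        symlink(f.privileged, f.link) == 0) {
        char buf[32] = {0};
        int fd = open_checked_then_used(f.harmless, swap_for_symlink, &f);
        if (fd >= 0) {
            if (read(fd, buf, sizeof buf - 1) > 0 && strcmp(buf, "privileged\n") == 0)
                result |= 1;               /* race won: wrong file opened */
            close(fd);
        }
        /* f.harmless is now the symlink; the swap is useless against O_NOFOLLOW */
        if (open_then_validate(f.harmless) < 0 && errno == ELOOP)
            result |= 2;
        fd = open_then_validate(f.privileged);
        if (fd >= 0) { result |= 4; close(fd); }
    }
    unlink(f.harmless); unlink(f.privileged); unlink(f.link); rmdir(f.dir);
    return result;
}

int main(void)
{
    int r = run_demo();
    printf("result bitmask: %d (expect 7)\n", r);
    return r == 7 ? 0 : 1;
}
```

The point of the hardened version is that there is no check on the path that the later open could disagree with: permission is enforced by the kernel at the moment of use under the real uid, the final symlink is refused outright, and everything else is checked on the descriptor, which the attacker cannot swap. For a shipped product the same review question applies to every setuid helper in the bundle, which is why the resolution below is a version upgrade rather than a configuration change.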
Resolution:
To remediate CVE-2026-41702 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None
Additional Documentation:
None.
Acknowledgments:
Broadcom would like to thank Mathieu Farrell (@coiffeur0x90) for reporting this issue to us.
Notes:
None.
Response Matrix:
| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Fusion | 25H2 | Any | CVE-2026-41702 | 7.8 | Important | 26H1 | None | None |
4. References
VMware Fusion 26H1
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2026H1&release=26H1&os=&servicePk=543219&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/26H1/release-notes/vmware-fusion-26h1-release-notes.html
Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2026-41702
FIRST CVSSv3 Calculator:
CVE-2026-41702: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log:
2026-05-14 VMSA-2026-0003
Initial security advisory.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2026 Broadcom. All rights reserved.