CVEDB API

Vulnerabilities

Vulnerable Software

Vmware: >> Fusion >> 13.5.2 Security Vulnerabilities

CVE-2026-41702

VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.

CVSS Score

7.8

EPSS Score

0.001

Published

2026-05-15

CVE-2025-22226

Known exploited

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CVSS Score

7.1

EPSS Score

0.017

Published

2025-03-04

CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

CVSS Score

8.8

EPSS Score

0.003

Published

2024-09-03

Page 1

Vulnerabilities

Vulnerable Software

Vmware: >> Fusion >> 13.5.2 Security Vulnerabilities

Products

Pricing

Contact Us