Broadcom introduced on Thursday that it has launched a VMware Fusion replace to patch a high-severity vulnerability.\u00a0<\/strong><\/p>\n

The flaw, tracked as CVE-2026-41702 and rated \u2018vital\u2019 by the seller, was reported by Mathieu Farrell.<\/p>\n

An advisory<\/a> describes CVE-2026-41702 as a time-of-check time-of-use (TOCTOU) flaw that \u201chappens throughout an operation carried out by a SETUID binary\u201d.\u00a0<\/p>\n

\u201cA malicious actor with native non-administrative person privileges might exploit this vulnerability to escalate privileges to root on the system the place Fusion is put in,\u201d the advisory explains.\u00a0<\/p>\n

VMware might announce a number of extra patches within the coming days, as its merchandise might be focused at this week\u2019s Pwn2Own hacking competitors. VMware proprietor Broadcom has despatched members of its safety workforce<\/a> to the occasion, the place contributors are anticipated to exhibit ESX exploits that may earn them as much as $200,000.<\/p>\n

VMware Workstation, which in recent times has earned vital rewards<\/a> for Pwn2Own contributors, has been faraway from the record of targets.\u00a0<\/p>\n

Commercial. Scroll to proceed studying.<\/span><\/div>\n
Broadcom\u2019s advisory doesn’t point out CVE-2026-41702 being utilized in assaults, however vulnerabilities in VMware merchandise are sometimes exploited within the wild<\/a>. CISA\u2019s KEV catalog<\/a> presently contains 26 VMware flaws.\u00a0<\/p>\n
Associated<\/strong>: VMware Aria Operations Vulnerability Might Permit Distant Code Execution<\/a><\/p>\n
Associated<\/strong>: 2024 VMware Flaw Now in Attackers\u2019 Crosshairs<\/a><\/p>\n
Associated<\/strong>: Exploit for VMware Zero-Day Flaws Possible Constructed a 12 months Earlier than Public Disclosure<\/a>\n\t\t\t<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"
Broadcom introduced on Thursday that it has launched a VMware Fusion replace to patch a high-severity vulnerability.\u00a0 The flaw, tracked as CVE-2026-41702 and rated \u2018vital\u2019 by the seller, was reported by Mathieu Farrell. An advisory describes CVE-2026-41702 as a time-of-check time-of-use (TOCTOU) flaw that \u201chappens throughout an operation carried out by a SETUID binary\u201d.\u00a0 \u201cA […]<\/p>\n","protected":false},"author":2,"featured_media":14756,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[4283,7623,2800,2498,1061],"class_list":["post-14754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-fusion","tag-highseverity","tag-patched","tag-vmware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14754"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14754\/revisions"}],"predecessor-version":[{"id":14755,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14754\/revisions\/14755"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/14756"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}