VMware Fusion 25H2 (macOS) — TOCTOU SETUID race condition LPE (CVSS 7.8); dropped from § 2 in 2026-05-19 brief (did not clear inclusion gates)
cve · CVE-2026-41702
Coverage timeline
1
first 2026-05-19 → last 2026-05-19
Briefs
1
1 distinct
Sources cited
14
10 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-19CTI Daily Brief — 2026-05-19
Source distribution
- attack.mitre.org4 (29%)
- thezdi.com2 (14%)
- blick.ch1 (7%)
- cert.ssi.gouv.fr1 (7%)
- github.com1 (7%)
- groupe3r.ch1 (7%)
- hackread.com1 (7%)
- ictjournal.ch1 (7%)
- other2 (14%)
External references
All cited sources (14)
- attack.mitre.orginlineT1133 External Remote Serviceshttps://attack.mitre.org/techniques/T1133/
- attack.mitre.orginlineT1190https://attack.mitre.org/techniques/T1190/
- attack.mitre.orginlineT1486 Data Encrypted for Impacthttps://attack.mitre.org/techniques/T1486/
- attack.mitre.orginlineT1567 Exfiltration Over Web Servicehttps://attack.mitre.org/techniques/T1567/
- blick.chinlineBlick.ch, 2026-05-07https://www.blick.ch/fr/suisse/romande/cyberattaque-le-groupe-romand-3r-de-radiologie-cible-id21930477.html
- cert.ssi.gouv.frinlineCERT-FR / cert.ssi.gouv.fr, 2026-05-04/05https://www.cert.ssi.gouv.fr/
- github.cominlinen8n GHSA-q5f4-99jv-pgg5, 2026-05-18https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5
- groupe3r.chinlineGroupe 3R victim statement, 2026-04-30https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/
- hackread.cominlineHackread, 2026-05-16https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
- ictjournal.chinlineICTjournal.ch, 2026-05-06https://www.ictjournal.ch/news/2026-05-06/le-reseau-radiologique-romand-a-nouveau-victime-dune-cyberattaque-ses-systemes
- thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html
- thezdi.cominlineZDI, 2026-05-13https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results
- thezdi.cominlineZDI, 2026-05-16https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
- zerodayinitiative.cominlineZDI, 2026-05-15https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
Items in briefs about VMware Fusion 25H2 (macOS) — TOCTOU SETUID race condition LPE (CVSS 7.8); dropped from § 2 in 2026-05-19 brief (did not clear inclusion gates)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.