CVE-2026-33150

HIGH EPSS 22.9%
Published Mar 20, 20263mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Mar 20, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
22.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 1

VendorProductVersionRange
libfuse_projectlibfuse*≥3.18.0  –  <3.18.2

References 3

  • github.com https://github.com/libfuse/libfuse/commit/49fcd891a58f622c098e2ca67d66086f7b213836
    Patch
  • github.com https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2
    ProductRelease Notes
  • github.com https://github.com/libfuse/libfuse/security/advisories/GHSA-qxv7-xrc2-qmfx
    Vendor Advisory

Remediation

  • github.com https://github.com/libfuse/libfuse/commit/49fcd891a58f622c098e2ca67d66086f7b213836
    Patch