CVE-2026-33150 — Use After Free in Project Libfuse

CWE-416 — Use After Free CWE-825 — Expired Pointer Dereference6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 95.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libfuse Project Libfuse Libfuse

Timeline

PublishedMar 20

Description

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibfuse_project/libfuse3.18.0 — 3.18.2

▶CVEListV5libfuse/libfuse>= 3.18.0, < 3.18.2

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-33150: libfuse is the reference implementation of the Linux FUSE↗2026-03-20

▶

CVEList

Use After Free in libfuse↗2026-03-20

▶

📋Vendor Advisories

Red Hat

libfuse: libfuse: Arbitrary code execution via use-after-free in io_uring subsystem↗2026-03-20

▶

Debian

CVE-2026-33150: fuse3 - libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 t...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-33150 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶