What is the CVSS score of CVE-2026-33150?

CVE-2026-33150 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-33150?

libfuse versions 3.18.0-3.18.1 contain a use-after-free vulnerability in the io_uring subsystem that enables local attackers to crash FUSE filesystem processes or execute arbitrary code when resource…. A patch is available.

Is there a public PoC exploit available for CVE-2026-33150?

Yes, a public proof-of-concept exploit is available for CVE-2026-33150. Prioritise patching immediately. EPSS: 0.0%.

Red Hat CVE-2026-33150

EUVD-2026-13786 HIGH

Use After Free (CWE-416)

2026-03-20 GitHub_M

RCE Denial Of Service Use After Free Memory Corruption Red Hat Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:19 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

3.18.2

PoC Detected

Mar 23, 2026 - 19:16 vuln.today

Public exploit code

EUVD ID Assigned

Mar 20, 2026 - 20:46 euvd

EUVD-2026-13786

Analysis Generated

Mar 20, 2026 - 20:46 vuln.today

CVE Published

Mar 20, 2026 - 20:20 nvd

HIGH 7.8

DescriptionNVD

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.

AnalysisAI

libfuse versions 3.18.0 through 3.18.1 contain a use-after-free vulnerability in the io_uring subsystem that allows local attackers to crash FUSE filesystem processes or execute arbitrary code when thread creation fails under resource constraints. The flaw occurs when io_uring initialization fails (e.g., due to cgroup limits), leaving a dangling pointer in session state that is dereferenced during shutdown. …

RemediationAI

Within 24 hours: identify all systems running libfuse 3.18.0 or 3.18.1 using package inventory tools and assess their role in production FUSE filesystem operations. Within 7 days: apply the vendor-released patch to upgrade libfuse to version 3.18.2 or later on all affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory