What is CVE-2026-33179?

CVE-2026-33179 is a medium-severity vulnerability in Libfuse, classified under NULL Pointer Dereference. CVSS score: 5.5/10. Published 2026-03-20.

How severe is CVE-2026-33179?

Medium severity. CVSS v3 base score is 5.5 out of 10.

NULL pointer dereference in Libfuse

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exh…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Libfuse — versions >= 3.18.0, < 3.18.2

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/libfuse/libfuse/security/advisories/GHSA-x669-v3mq-r358 (x_refsource_CONFIRM)
https://github.com/libfuse/libfuse/commit/7beb86c09b6ec5aab14dc25256ed8a5ad18554d7 (x_refsource_MISC)
https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33179?: CVE-2026-33179 is a medium-severity vulnerability in Libfuse, classified under NULL Pointer Dereference. CVSS score: 5.5/10. Published 2026-03-20.
How severe is CVE-2026-33179?: Medium severity. CVSS v3 base score is 5.5 out of 10.