According to Security Affairs, Broadcom has released a critical security update for VMware Fusion to address a high-severity vulnerability, identified as CVE-2026-41702. This flaw could permit local attackers to escalate their privileges to root on affected systems.The vulnerability is a time-of-check time-of-use (TOCTOU) flaw affecting operations performed by a SETUID binary. A local attacker with non-administrative privileges can exploit this bug to gain root access on a system where VMware Fusion is installed. Successful exploitation allows attackers with limited access to achieve complete control over vulnerable machines, significantly increasing the risk from compromised user accounts or insider threats. TOCTOU vulnerabilities arise when a system checks a resource's state and then uses it without verifying that the state hasn't changed.VMware Fusion is commonly used by developers, IT professionals, and security researchers on macOS. While this vulnerability requires local access and doesn't expose systems to direct remote compromise, privilege escalation remains a critical concern for attackers.Source: Security Affairs
Vulnerability Management
Broadcom patches high-severity VMware Fusion flaw allowing local privilege escalation

Signage is displayed outside the Broadcom offices on June 7, 2018, in San Jose, Calif. (Photo by Justin Sullivan/Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



