Critical VMware Fusion Vulnerability Allows Local Privilege Escalation

Critical VMware Fusion Vulnerability Allows Local Privilege Escalation

First seen 15 May 2026, 02:28 UTC Securityaffairs.CoScworldCybersecuritynewsGbhackerssupport.broadcom.com 87% similarity 72.0

Article Content

Browse articles
ThreatCluster

Broadcom has released a critical security update for VMware Fusion to address CVE-2026-41702, a high-severity vulnerability that allows local attackers to escalate privileges to root on affected macOS systems. This TOCTOU (Time-of-Check Time-of-Use) flaw can be exploited by users with non-administrative privileges, enabling them to gain complete control over the system. The vulnerability was privately reported to Broadcom and patched on May 14, 2026. VMware Fusion is widely used by developers and IT professionals, making this flaw particularly concerning for organizations relying on this software. While the vulnerability requires local access, it significantly increases risks from compromised user accounts and insider threats. The CVSS score for this vulnerability is 7.8, indicating its potential impact in real-world environments.

Key Points: • CVE-2026-41702 allows local privilege escalation to root on macOS systems running VMware Fusion. • The vulnerability is categorized as high severity with a CVSS score of 7.8. • Broadcom released a patch for this vulnerability on May 14, 2026.

ThreatCluster AI

Timeline

2026-05-14
Patch released for VMware Fusion vulnerability
Broadcom issued a security update addressing CVE-2026-41702, a critical TOCTOU flaw.
Securityaffairs.Co
2026-05-15
CVE-2026-41702 published
The vulnerability was publicly disclosed, allowing local attackers to escalate privileges to root.
Scworld
2026-05-15
Security advisory released
Broadcom issued security advisory VMSA-2026-0003 regarding the high-severity vulnerability.
Cybersecuritynews

Community

Browse all →