Published on May 15, 2026

VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges


Severity

High

Detail

A vulnerability has been identified in VMware Fusion that allows a local attacker to escalate privileges to root on affected systems.

The issue, tracked as CVE-2026-41702, stems from a Time-of-Check Time-of-Use (TOCTOU) race condition within a SETUID binary. A TOCTOU flaw occurs when a program validates a condition (for example, the ownership or type of a file referenced by path) and later acts on that resource without re-verifying that its state is unchanged; because the check and the use are two separate operations, a concurrent actor can alter the resource in between, creating an exploitation window.
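To make the check-then-use pattern concrete, the following is an added illustration written for this advisory page. It is not VMware Fusion code and does not reproduce the actual CVE-2026-41702 defect, whose internals are not described here: a hypothetical privileged helper validates a file by path and then opens it by path (the racy "before"), beside the hardened form that opens first with O_NOFOLLOW and validates the descriptor it already holds. The `gap_hook` injection point, the temporary directory and the file names are constructed so the window can be exercised deterministically in a single process instead of relying on scheduler timing.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Demo-only hook: deterministically "changes the world" between check and use.
   In a real SETUID binary this gap is simply scheduler timing. */
typedef void (*gap_hook)(void *ctx);

/* BEFORE (vulnerable pattern): validate the path, then open the path. */
int read_owned_file_racy(const char *path, uid_t uid, char *buf, size_t n,
                         gap_hook hook, void *ctx) {
    struct stat st;
    if (stat(path, &st) != 0 || st.st_uid != uid || !S_ISREG(st.st_mode))
        return -1;                       /* check: the path looks acceptable */
    if (hook) hook(ctx);                 /* window: the path can be re-pointed here */
    int fd = open(path, O_RDONLY);       /* use: opens whatever the path is NOW */
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return 0;
}

/* AFTER (hardened): open without following symlinks, then validate the
   descriptor. The object checked is the object used; a later rename or
   symlink swap on the path cannot change what fd refers to. */
int read_owned_file_safe(const char *path, uid_t uid, char *buf, size_t n,
                         gap_hook hook, void *ctx) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || st.st_uid != uid || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    if (hook) hook(ctx);                 /* same gap, but fd is pinned to the inode */
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return 0;
}

/* Constructed fixture: a checked file, a different file, and a scratch path. */
struct fixture { char dir[64]; char checked[96]; char other[96]; char scratch[96]; };

/* Simulates the concurrent change: atomically replace the checked path with a
   symlink to the other file. */
static void swap_in_symlink(void *ctx) {
    struct fixture *f = ctx;
    symlink(f->other, f->scratch);
    rename(f->scratch, f->checked);
}

static int write_file(const char *p, const char *s) {
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, s, strlen(s));
    close(fd);
    return w == (ssize_t)strlen(s) ? 0 : -1;
}

/* Returns 1 when the racy reader ends up reading the swapped-in file while the
   hardened reader still reads the file it validated. Fixture lives under /tmp. */
int demo_toctou(void) {
    struct fixture f;
    strcpy(f.dir, "/tmp/toctou_demo_XXXXXX");
    if (!mkdtemp(f.dir)) return 0;
    snprintf(f.checked, sizeof f.checked, "%s/checked", f.dir);
    snprintf(f.other, sizeof f.other, "%s/other", f.dir);
    snprintf(f.scratch, sizeof f.scratch, "%s/scratch", f.dir);
    if (write_file(f.checked, "checked") || write_file(f.other, "other")) return 0;
    char buf[32];
    int racy_swapped = 0, safe_pinned = 0;
    /* Racy: the check passed on "checked", but the read returned "other". */
    if (read_owned_file_racy(f.checked, getuid(), buf, sizeof buf, swap_in_symlink, &f) == 0)
        racy_swapped = strcmp(buf, "other") == 0;
    /* Reset so both readers start from the same state. */
    unlink(f.checked);
    if (write_file(f.checked, "checked")) return 0;
    if (read_owned_file_safe(f.checked, getuid(), buf, sizeof buf, swap_in_symlink, &f) == 0)
        safe_pinned = strcmp(buf, "checked") == 0;
    unlink(f.checked); unlink(f.other); rmdir(f.dir);
    return racy_swapped && safe_pinned;
}

int main(void) {
    printf("racy reader followed the swap, safe reader did not: %s\n",
           demo_toctou() ? "yes" : "no");
    return 0;
}
```

The design point is the one code reviewers look for in privileged helpers: every decision made from a path-based check (stat, access, lstat) is stale the moment it returns, so ownership and type should be verified on the descriptor with fstat after the open, and symlink following should be refused where the privileged code does not expect links.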

CVE ID: CVE-2026-41702
Summary: VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.
CVSS Score: 7.8 (High)

A local user without administrative rights may exploit this flaw to obtain root-level access, resulting in full system compromise. This includes the ability to execute arbitrary commands, modify system files, and establish persistent malware.

The vulnerability affects VMware Fusion version 25H2 across supported platforms. Although no active exploitation has been reported, the attack requires only local access and no user interaction, increasing its risk in multi-user or enterprise environments.

The issue was reported by security researcher Mathieu Farrell and disclosed through Broadcom’s advisory VMSA-2026-0003 on May 14, 2026.

Broadcom has addressed the issue in VMware Fusion version 26H1. No workaround is currently available, making patching the only mitigation.

Affected Products

The vulnerability affects VMware Fusion version 25H2 across supported platforms.

Recommendation

  • Upgrade immediately to VMware Fusion version 26H1 to remediate the issue.
  • Restrict local user privileges to reduce exploitation opportunities.
  • Monitor endpoints for unusual local activity indicative of privilege escalation attempts.
  • Prioritize patching of virtualization tools used in development and sandbox environments.
  • Treat this vulnerability as high risk due to its low complexity and potential for chaining with other exploits.

Source

https://gbhackers.com/vmware-fusion-flaw-gain-root-privileges/

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454