Last updated: July 5, 2026 at 9:01 AM UTC
Tag: vmware-fusion (1 article)

Broadcom patches macOS local privilege escalation in VMware Fusion - SETUID TOCTOU lets unprivileged users get root on the host (CVE-2026-41702)

Broadcom released a security update for VMware Fusion to fix CVE-2026-41702, a high-severity local privilege escalation that lets any non-administrative user on a Mac running Fusion become root on the host. The flaw is a time-of-check/time-of-use (TOCTOU) race condition in a SETUID binary shipped with Fusion, the kind of bug that turns a foothold on a developer workstation into full control of the host. Researcher Mathieu Farrell reported it privately. Broadcom rated the issue 'important' (CVSSv3 7.8). The advisory landed the same week as Pwn2Own Berlin, where VMware ESXi exploits can earn participants up to 200,000 dollars; Broadcom is on-site.

Check
Inventory macOS endpoints with VMware Fusion installed (especially developer, security research, and lab fleets), check the installed Fusion version against the patched 26H1 release, and review who has local user access on those Macs.
Affected
VMware Fusion 25H2 on macOS. Exploitation requires local user access to the Mac but not administrative privileges, so any shared, lab, or developer workstation is in scope.
Fix
Update VMware Fusion to 26H1 from the Broadcom Support Portal. On managed Mac fleets, push the update through MDM. Until patched, restrict shared access to Fusion-equipped Macs and prefer admin-only accounts for hands-on lab work.
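The Check and Fix steps above reduce to one question per Mac: is the installed Fusion build at or past 26H1? The script below is an added example, not code from the article or from Broadcom. It assumes Fusion is installed at the standard bundle path, that its Info.plist exposes the version under CFBundleShortVersionString, and that the value uses Broadcom's "YYHn" release naming (25H2, 26H1); if the plist reports a different scheme, map it through the release notes before trusting the verdict. The comparison is done numerically on year and half-year, because a plain string compare would mis-order releases such as 9H2 against 26H1.

```shell
#!/bin/sh
# Added example (not from the article or from Broadcom): report whether the
# locally installed VMware Fusion build is at or past the patched 26H1 release.
# Assumed: standard bundle path, CFBundleShortVersionString holds the version,
# and that version uses the "YYHn" naming seen in the advisory (25H2, 26H1).

FUSION_PLIST="/Applications/VMware Fusion.app/Contents/Info.plist"
PATCHED_RELEASE="26H1"

# release_key "25H2" -> 252, release_key "26H1" -> 261.
# Converts "YYHn" into an integer so the comparison is numeric, not lexical.
# Fails (exit 1) on anything that does not match the expected format.
release_key() {
    yy=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9]\)H\([0-9]\)$/\1/p')
    h=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9]\)H\([0-9]\)$/\2/p')
    [ -n "$yy" ] && [ -n "$h" ] || return 1
    echo "$((yy * 10 + h))"
}

# fusion_is_patched INSTALLED [PATCHED]
#   exit 0 if INSTALLED >= PATCHED, 1 if older, 2 if either string is unparseable
fusion_is_patched() {
    inst=$(release_key "$1") || return 2
    patched=$(release_key "${2:-$PATCHED_RELEASE}") || return 2
    [ "$inst" -ge "$patched" ]
}

# Reads the bundle version; exit 1 if Fusion is not installed at the assumed path.
read_fusion_version() {
    [ -f "$FUSION_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$FUSION_PLIST" 2>/dev/null
}

main() {
    v=$(read_fusion_version) || { echo "VMware Fusion not found at $FUSION_PLIST"; return 0; }
    rc=0
    fusion_is_patched "$v" || rc=$?
    case $rc in
        0) echo "VMware Fusion $v: at or past $PATCHED_RELEASE (CVE-2026-41702 fixed)" ;;
        1) echo "VMware Fusion $v: VULNERABLE to CVE-2026-41702, update to $PATCHED_RELEASE" ;;
        *) echo "VMware Fusion $v: version format not recognised, check Broadcom release notes" ;;
    esac
}

main
```

Run it as any local user (no admin rights are needed to read the plist); on a managed fleet the same check can be shipped as an MDM script and the three output lines mapped to compliance states.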