A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems.
The flaw, tracked as CVE-2026-41702, has been rated high severity with a CVSS score of 7.8, highlighting its potential impact in real-world environments.
VMware Fusion Flaw
Broadcom, which now manages VMware products, published the advisory (VMSA-2026-0003) on May 14, 2026, warning that the issue stems from a Time-of-Check Time-of-Use (TOCTOU) race condition in a SETUID binary.
This type of vulnerability occurs when a program checks a condition and later acts on the result without verifying that it still holds, leaving a window between the check and the use in which an attacker can change the underlying state.
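To make the check-then-use gap concrete, here is an added C example that is not VMware's code and says nothing about the Fusion binary itself: a racy access()/open() pair beside a hardened version that validates the descriptor it actually opened. The temp-file names and the demo_toctou() self-check are constructed for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (CWE-367): access() checks the path, open() then uses the same
 * path. Anyone who can rewrite the directory between the two calls can make
 * open() hit a different object than the one that was checked. */
int racy_open(const char *path) {
    if (access(path, R_OK) != 0) return -1;  /* time of check */
    return open(path, O_RDONLY);              /* time of use  */
}

/* Hardened pattern: open first without following symlinks, then validate the
 * object actually opened via fstat(). Check and use refer to one descriptor,
 * so there is no window in which the name can be swapped underneath us. */
int safe_open_owned_regular(const char *path, uid_t owner) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                    /* a symlink fails with ELOOP */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        st.st_nlink != 1) {                   /* wrong type, owner or aliased */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: a regular file we own is accepted, while a symlink
 * pointing at it and a directory are both rejected. Returns 1 on success. */
int demo_toctou(void) {
    char file[] = "/tmp/toctou_demo_XXXXXX";  /* constructed temp path */
    int fd = mkstemp(file);
    if (fd < 0) return 0;
    close(fd);
    char link[sizeof file + 5];
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) != 0) { unlink(file); return 0; }
    int ok = 1;
    int good = safe_open_owned_regular(file, getuid());
    if (good < 0) ok = 0; else close(good);
    if (safe_open_owned_regular(link, getuid()) != -1) ok = 0;
    if (safe_open_owned_regular("/tmp", getuid()) != -1) ok = 0;
    unlink(link); unlink(file);
    return ok;
}
```

In a real SETUID helper the descriptor check is best combined with dropping effective privileges before opening anything under a user-controlled path.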
According to Broadcom, a local attacker with non-administrative privileges can exploit this flaw to gain root-level access.
This effectively gives full control over the affected system, allowing attackers to execute arbitrary…