Broadcom releases VMware Fusion security update for root access bug

Broadcom releases VMware Fusion security update for root access bug

Broadcom releases VMware Fusion security update for root access bug

Pierluigi Paganini
May 14, 2026

Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges.

Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to escalate privileges to root on affected systems.

The flaw is a time-of-check time-of-use (TOCTOU) vulnerability affecting operations performed by a SETUID binary that was reported by security researcher Mathieu Farrell.

Broadcom explained that an attacker with local non-administrative user privileges can exploit the bug to escalate privileges to root on the system where Fusion is installed.

“A local privilege escalation vulnerability in VMware Fusion was privately reported to Broadcom.” reads the advisory. “Updates are…