Broadcom has released a VMware Fusion update to fix CVE-2026-41702, a high-severity TOCTOU flaw that could let a local non-administrative user escalate privileges to root. The patch comes as VMware products are expected to face scrutiny at Pwn2Own, where Broadcom is also present and more fixes may be announced soon. #VMwareFusion #CVE-2026-41702 #Broadcom #MathieuFarrell #Pwn2Own
Keypoints
- Broadcom patched VMware Fusion for CVE-2026-41702.
- The flaw is a TOCTOU issue in a SETUID binary operation.
- A local non-administrative user could escalate to root.
- The vulnerability was reported by Mathieu Farrell.
- VMware products may receive more patches during Pwn2Own.
Read More: https://www.securityweek.com/high-severity-vulnerability-patched-in-vmware-fusion/