Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657)

An unprivileged user inside a Lima QEMU guest could reach the root-owned guest-agent socket and run commands as root in the VM. Fixed in Lima v2.1.3. Lima scored it High, CVSS 8.2 with Scope: Changed, reflecting that crossing from an unprivileged account to root within the VM crosses a security boundary that other components rely on. The full write-up is available on the Syntetisk blog.

Submitted by /u/Sandwich_1337