PatchSiren

lima-vm CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH lima-vm CVE published 2026-07-10

CVE-2026-53657

CVE-2026-53657 is a high-severity vulnerability in Lima, a tool for running Linux virtual machines on macOS. An arbitrary user in the VM could access the guest agent socket, potentially leading to privilege escalation. This issue is fixed in version 2.1.3. The vulnerability allows an arbitrary user in the VM to access the /run/lima-guestagent.sock when the guest agent is enabled, which could result in run [truncated]