Skip to main content

Lima

2 CVEs product

Monthly

CVE-2026-53657 HIGH PATCH This Week

Local privilege escalation in Lima (lima-vm) before 2.1.3 lets any unprivileged user inside a guest VM reach root when the instance runs the QEMU driver with the guest agent enabled. Because the world-reachable /run/lima-guestagent.sock exposes address tunneling - including Unix sockets for privileged daemons such as D-Bus - an in-guest attacker can proxy to root-owned services and execute arbitrary commands as root. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Apple Lima
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-32684 Go LOW PATCH Monitor

Lima launches Linux virtual machines, typically on macOS, for running containerd. Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Path Traversal Information Disclosure Apple Lima
NVD GitHub
CVSS 3.1
2.5
EPSS
0.3%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Local privilege escalation in Lima (lima-vm) before 2.1.3 lets any unprivileged user inside a guest VM reach root when the instance runs the QEMU driver with the guest agent enabled. Because the world-reachable /run/lima-guestagent.sock exposes address tunneling - including Unix sockets for privileged daemons such as D-Bus - an in-guest attacker can proxy to root-owned services and execute arbitrary commands as root. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Apple Lima
NVD GitHub
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Lima launches Linux virtual machines, typically on macOS, for running containerd. Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Path Traversal Information Disclosure Apple +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy