Broadcom has patched a high-severity vulnerability in VMware Fusion that could allow attackers with local non-administrative access to escalate privileges to root level on affected systems. The flaw, designated CVE-2026-41702, is a time-of-check time-of-use vulnerability in a SETUID binary, and while there's no evidence of active exploitation yet, VMware products are frequently targeted by attackers in the wild. The patch comes as VMware products face scrutiny at this week's Pwn2Own hacking competition, where security researchers can earn up to two hundred thousand dollars for demonstrating exploits.