CVE-2026-53657
Received Received - Intake

Arbitrary Command Execution in Lima via Guest Agent Socket

Vulnerability report for CVE-2026-53657, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addresses, including Unix socket addresses for privileged daemons like D-Bus. This issue is fixed in version 2.1.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linaro lima to 2.1.3 (inc)
lima_vm lima 2.1.3
containerd containerd 2.3.2
nerdctl nerdctl 2.3.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Lima instances running Linux virtual machines with the QEMU driver and the guest agent enabled. An arbitrary user inside the VM can access the guest agent socket located at /run/lima-guestagent.sock. This socket provides tunneling services, including access to privileged Unix sockets such as D-Bus, which allows the user to execute arbitrary commands with root privileges inside the VM.

The issue arises because the socket has incorrect default permissions, exposing it to users who should not have access. This vulnerability does not affect the host system or VMs using the vz driver, as the guest agent in vz uses vsocks instead of Unix sockets. The vulnerability was fixed in Lima version 2.1.3.

Compliance Impact

The vulnerability allows an arbitrary user within a QEMU virtual machine running Lima to escalate privileges to root inside the VM by exploiting the guest agent socket. This could lead to unauthorized access and control over privileged processes within the VM.

Such unauthorized privilege escalation and potential unauthorized access to sensitive data or system controls could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information.

However, the vulnerability is limited to the VM environment and does not affect the host system. The issue was fixed in Lima version 2.1.3 by restricting socket access.

Impact Analysis

If you are running a Lima VM with the QEMU driver and the guest agent enabled, an arbitrary user inside the VM could escalate their privileges to root. This means they could execute any command with full administrative rights within the VM, potentially compromising the integrity, confidentiality, and availability of the VM environment.

This could lead to unauthorized access to sensitive data, modification or deletion of critical files, and disruption of services running inside the VM. However, this vulnerability does not affect the host system or VMs using the vz driver.

Detection Guidance

This vulnerability can be detected by checking if a Lima VM is running with the QEMU driver and if the guest agent is enabled. Specifically, you should verify the presence and permissions of the socket file `/run/lima-guestagent.sock` inside the VM.

Commands to detect the vulnerability include inspecting the socket file permissions and ownership within the VM:

  • Run `ls -l /run/lima-guestagent.sock` inside the VM to check if the socket exists and its permission settings.
  • Check if the guest agent is enabled and running by inspecting the relevant systemd service or process inside the VM.
  • Verify if the Lima VM is using the QEMU driver rather than the vz driver, as the vulnerability only affects QEMU.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade Lima to version 2.1.3 or later, where the issue is fixed.

The fix involves restricting access to the guest agent socket by changing its ownership and permissions so that only the main user inside the VM can access it.

  • Upgrade Lima to v2.1.3 or newer.
  • Use the new `--socket-owner` command-line flag to specify the UID of the main user who should own the UNIX socket, ensuring the socket permissions are set to 0600.
  • Disable the guest agent if it is not required.

Note that the vulnerability does not affect VMs using the vz driver or macOS hosts with the guest agent disabled.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53657. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart