Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657)
An unprivileged user inside a Lima QEMU guest could reach the root-owned guest-agent socket and run commands as root in the VM. Fixed in Lima v2.1.3.
An unprivileged user inside a Lima QEMU guest could reach the root-owned guest-agent socket and run commands as root in the VM. Fixed in Lima v2.1.3.
A two-byte gRPC request crashed AWS’s Kubernetes KMS plugin. Coordinated disclosure with AWS VDP; fix merged as aws-encryption-provider#169.