Lima
v2.1.3Kubernetes CoreLima v2.1.3 is a security-focused patch release fixing two CVEs: a privilege escalation in QEMU VMs and multiple containerd CVEs bundled via nerdctl v2.3.3. Upgrade promptly.
securityPatch QEMU privilege escalation (CVE-2026-53657) immediately
Any unprivileged user inside a QEMU-backed Lima VM could gain root inside that VM by abusing the guest agent socket. If you share Lima VMs among multiple users or run untrusted workloads, this is high priority. Upgrade to v2.1.3 and restart affected VMs.
securitycontainerd CVE batch via nerdctl v2.3.3 — upgrade required
Five CVEs in containerd are fixed in the bundled nerdctl v2.3.3 (containerd v2.3.2). If your Lima instances run container workloads, the old containerd is exposed. Upgrade Lima and recreate or restart VMs to pick up the new nerdctl binary.
breakingcontainerd.user defaults changed for non-Linux guests
Lima no longer sets containerd.user=true by default on non-Linux guests (macOS, Windows). If you relied on rootless containerd on those platforms without explicitly setting this, validate your VM config after upgrading and set containerd.user=true explicitly if needed.
Key changes (5)
- Fixes CVE-2026-53657: arbitrary guest users could escalate to root via the QEMU guest agent socket
- nerdctl bumped to v2.3.3, which bundles containerd v2.3.2 fixing CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262
- Default template image switched from ubuntu-25.10 to ubuntu-26.04
- containerd.user no longer defaults to true on non-Linux guests (behavior change for macOS/Windows VM workloads)
- copytool: auto mode now falls back to scp when both source and destination are remote