anonhaven
Ad

CVE-2026-22719

HIGH CVSS 3.1: 8.1 EPSS 1.79% ACTIVE EXPLOIT
Updated Feb 26, 2026
VMWARE

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Mar 24, 2026

Parameter Value
CVSS 8.1 (HIGH)
Type CWE-77 (Command Injection)
Vendor VMWARE
Public PoC No

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.  To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001  Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-77 Command Injection

References 3

https://knowledge.broadcom.com/external/article/430349
security@vmware.com
https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
security@vmware.com
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware…
security@vmware.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28713

VMWARE

7.1

CVE-2026-22717

VMWARE

2.7

CVE-2026-22716

VMWARE

5.0

CVE-2026-22715

VMWARE

5.9

CVE-2026-22721

VMWARE

6.2