anonhaven
Ad

CVE-2026-22721

MEDIUM CVSS 3.1: 6.2 EPSS 0.09%
Updated Feb 25, 2026
VMWARE
Parameter Value
CVSS 6.2 (MEDIUM)
Type CWE-269 (Improper Privilege Management (Неправильное управление привилегиями))
Vendor VMWARE
Public PoC No

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
High
Сложно эксплуатировать
Privileges Required
High
Нужны права администратора
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
Low
Частичное нарушение работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-269 Improper Privilege Management (Неправильное управление привилегиями)

References 2

https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
security@vmware.com
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware…
security@vmware.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28713

VMWARE

7.1

CVE-2026-22717

VMWARE

2.7

CVE-2026-22716

VMWARE

5.0

CVE-2026-22715

VMWARE

5.9

CVE-2026-22720

VMWARE

8.0