anonhaven
Ad

CVE-2026-22721

MEDIUM CVSS 3.1: 6.2 EPSS 0.03%
Updated Feb 25, 2026
VMWARE
Parameter Value
CVSS 6.2 (MEDIUM)
Type CWE-269 (Improper Privilege Management)
Vendor VMWARE
Public PoC No

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-269 Improper Privilege Management

References 2

https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
security@vmware.com
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware…
security@vmware.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28713

VMWARE

7.1

CVE-2026-22717

VMWARE

2.7

CVE-2026-22716

VMWARE

5.0

CVE-2026-22715

VMWARE

5.9

CVE-2026-22720

VMWARE

8.0