CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
Briefly

"A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. The shortcoming was addressed, along with CVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access."
"CISA on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an unauthenticated attacker to execute arbitrary commands."
"Customers who cannot apply the patch immediately can download and run a shell script (aria-ops-rce-workaround.sh) as root from each Aria Operations Virtual Appliance node. In light of active exploitation, Federal Civilian Executive Branch agencies are required to apply the fixes by March 24, 2026."
CISA has added CVE-2026-22719 to its Known Exploited Vulnerabilities catalog after confirming active exploitation. This high-severity command injection vulnerability (CVSS 8.1) in Broadcom VMware Aria Operations allows an unauthenticated attacker to execute arbitrary commands and achieve remote code execution while a support-assisted product migration is in progress. Broadcom also patched two additional vulnerabilities: CVE-2026-22720 (stored cross-site scripting) and CVE-2026-22721 (privilege escalation to administrative access). Fixes are available for VMware Cloud Foundation, vSphere Foundation 9.x, and Aria Operations 8.x. For customers who cannot patch immediately, a workaround shell script is available to run as root on each Aria Operations Virtual Appliance node. Federal Civilian Executive Branch agencies must apply the patches by March 24, 2026. Details about the exploitation methods and the threat actors involved remain unknown.
Read at The Hacker News