CVE-2026-22719
VMware Aria Operations command injection vulnerability
In short
VMware Aria Operations has a vulnerability that allows attackers to run unauthorized commands on the system without needing to log in, potentially taking complete control of the software during data migration processes.
Technical detail
This command injection vulnerability (CWE-77) exists in VMware Aria Operations and can be exploited by an unauthenticated attacker during support-assisted product migration to execute arbitrary commands, leading to remote code execution. The attack vector is network-based and requires the migration feature to be actively in progress.
Summary generated and translated by AI from the official description.
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.
Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
VMware · Telco Cloud Infrastructure
VMware · Telco Cloud Platform
VMware · VMware Aria Operations
VMware · VMware Cloud Foundation Operations
References
https://knowledge.broadcom.com/external/article/430349
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719