CVE-2026-22716 - Vulnerability Details

- VMware Workstation out-of-bounds write vulnerability

Description

Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.

Published: 2026-02-27

Score: 5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out‑of‑bounds write bug in VMware Workstation versions 25H1 and earlier lets a user with non‑administrative rights in a guest virtual machine cause the termination of certain Workstation processes, effectively denying service to the host. The weakness is a classic buffer overrun insufficiency (CWE‑787).

Affected Systems

VMware Workstation 25H1 and older on any supported operating system. Users of these versions are exposed to the flaw regardless of the host platform.

Risk and Exploitability

The vulnerability scores a moderate CVSS of 5.0 and has a very low likelihood of exploitation (EPSS < 1%). It is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no widely used exploit at this time. An attacker would need to be able to run unprivileged code inside the guest VM, then exploit the buffer overrun to trigger a write that leads to process termination on the host. Because the attack vector is local to the guest, the risk is confined to hosts where the attacker already has some presence in a guest machine.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

VMware

Workstation

unaffected

Version	Status	Constraints
`25H2`	affected	< 25H2U1

No data.

Vendor Product Confidence Versions

Vmware

Workstation

100%

Version	Status	Scheme	Platform
`[25H2,25H2U1)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade VMware Workstation to version 25H2 or later, which contains a mitigation for the buffer overrun.
Apply the official vendor patch or installation update released after the advisory publication.
Enforce strict least‑privilege policies inside guest operating systems so that ordinary users cannot execute code that could trigger the vulnerability.
Monitor Workstation process stability and log anomalies to detect unexpected terminations that could indicate exploitation attempts.

Generated by OpenCVE AI on April 16, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00009.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986

History

Mon, 02 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware workstation
Vendors & Products		Vmware Vmware workstation

Fri, 27 Feb 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-125

Fri, 27 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description	Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.	Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.
Title	VMware Workstation and VMware Fusion out-of-bound read vulnerability	VMware Workstation out-of-bounds write vulnerability
Weaknesses		CWE-787
Metrics	cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N'}`	cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L'}`

Fri, 27 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Description		Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.
Title		VMware Workstation and VMware Fusion out-of-bound read vulnerability
Weaknesses		CWE-125
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986
Metrics		cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N'}`

Subscriptions

Vmware Workstation

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2026-02-27T19:01:44.248Z

Updated: 2026-02-27T19:19:19.576Z

Reserved: 2026-01-09T06:54:36.840Z

Link: CVE-2026-22716

Vulnrichment

Updated: 2026-02-27T19:13:53.197Z

NVD

Status : Deferred

Published: 2026-02-27T19:16:07.200

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22716

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:30:06Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object