CVE-2026-22719 - Vulnerability Details

- VMware Aria Operations command injection vulnerability

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.

To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001

Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001

Published: 2026-02-25

Score: 8.1 High

EPSS: 2.1% Low

KEV: Yes

Impact:

Action:

Analysis

Impact

The vulnerability is a command injection flaw that does not properly validate user input, allowing a malicious actor to inject operating‑system commands. An unauthenticated attacker can trigger this during a support‑assisted migration and execute arbitrary commands with the privilege level of the Aria Operations service, potentially compromising the entire platform. The weakness is classified as CWE‑77.

Affected Systems

The flaw affects VMware Aria Operations, VMware Cloud Foundation Operations, VMware Telco Cloud Infrastructure, and VMware Telco Cloud Platform. Versions impacted include Aria Operations 8.x (fixed in 8.18.6) and Cloud Foundation Operations 9.x (fixed in 9.0.2.0).

Risk and Exploitability

The CVSS score of 8.1 marks the vulnerability as high severity. An EPSS score of 2% indicates a modest likelihood of exploitation, and the vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, confirming it has already been targeted. Attackers can exploit the flaw without authentication during migration, giving them full control over the affected systems. The combination of high impact, moderate exploitation probability, and confirmed field exploitation makes this an urgent risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

VMware

VMware Aria Operations

affected

Version	Status	Constraints
`8.18.x`	affected	< 8.18.6

VMware

VMware Cloud Foundation Operations

affected

Version	Status	Constraints
`9.0`	affected	< 9.0.2
`9.0.2`	unaffected	—
`4.0`	affected	< 5.2.3
`5.2.3`	unaffected	—

VMware

Telco Cloud Platform

affected

Version	Status	Constraints
`2.0`	affected	< 5.2.3
`5.2.3`	unaffected	—

VMware

Telco Cloud Infrastructure

affected

Version	Status	Constraints
`2.0`	affected	< 5.2.3
`5.2.3`	unaffected	—

Configuration 1 [-]

OR	cpe:2.3:a:vmware:aria_operations::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:telco_cloud_infrastructure::::::::
	cpe:2.3:a:vmware:telco_cloud_platform::::::::

No data.

Vendor Product Confidence Versions

Vmware

Aria Operations

100%

Version	Status	Scheme	Platform
`[8.18.0,8.18.6)`	affected	semver	—
`8.18.6`	unaffected	semver	—

Vmware

Cloud Foundation

92%

Version	Status	Scheme	Platform
`[9.0,9.0.2)`	affected	generic	—
`9.0.2`	unaffected	semver	—
`[4.0,5.2.3)`	affected	generic	—
`5.2.3`	unaffected	semver	—

Vmware

Telco Cloud Infrastructure

100%

Version	Status	Scheme	Platform
`[2.0,5.2.3)`	affected	generic	—
`5.2.3`	unaffected	semver	—

Vmware

Telco Cloud Platform

100%

Version	Status	Scheme	Platform
`[2.0,5.2.3)`	affected	generic	—
`5.2.3`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Apply the vendor patches listed in the 'Fixed Version' column of the Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 in VMSA-2026-0001. Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x).

Vendor Workaround

Workarounds are available and documented by the vendor (see VMSA-2026-0001 KB430349) https://knowledge.broadcom.com/external/article/430349 for environments where immediate patching is not possible.

OpenCVE Recommended Actions

Apply the vendor patches for VMware Aria Operations 8.18.6 (for version 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for version 9.x) as detailed in the VMSA-2026-0001 response matrix.
If immediate patching is not possible, deploy the vendor‑documented workarounds available in KB430349 and the workarounds column of VMSA-2026-0001 to mitigate command injection risk during migration.
Restrict administrative and migration interfaces to trusted networks or use a staged migration process with strict access controls to reduce the attack window, addressing the command‑injection weakness (CWE‑77).

Generated by OpenCVE AI on April 15, 2026 at 15:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 3, 2026.

The EPSS score is 0.02095.

Exploitation active

Automatable no

Technical Impact total

References

Link	Providers
https://knowledge.broadcom.com/external/article/430349
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719

History

Wed, 04 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:vmware:aria_operations:::::::: cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:a:vmware:telco_cloud_infrastructure:::::::: cpe:2.3:a:vmware:telco_cloud_platform::::::::

Tue, 03 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 03 Mar 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-03-03T00:00:00+00:00', 'dueDate': '2026-03-24T00:00:00+00:00'}`

Fri, 27 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-77

Thu, 26 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware aria Operations Vmware cloud Foundation Vmware telco Cloud Infrastructure Vmware telco Cloud Platform
Vendors & Products		Vmware Vmware aria Operations Vmware cloud Foundation Vmware telco Cloud Infrastructure Vmware telco Cloud Platform

Wed, 25 Feb 2026 19:45:00 +0000

Type	Values Removed	Values Added
Description		VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Title		VMware Aria Operations command injection vulnerability
References		https://knowledge.broadcom.com/external/article/430349 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Vmware Aria Operations Cloud Foundation Telco Cloud Infrastructure Telco Cloud Platform

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2026-02-25T19:18:59.269Z

Updated: 2026-04-14T10:38:25.169Z

Reserved: 2026-01-09T06:54:36.841Z

Link: CVE-2026-22719

Vulnrichment

Updated: 2026-02-26T15:50:15.344Z

NVD

Status : Analyzed

Published: 2026-02-25T20:23:46.840

Modified: 2026-03-04T15:08:13.743

Link: CVE-2026-22719

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T17:00:07Z

Weaknesses

CWE-77

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object