CVE-2026-22721 - Vulnerability Details

- VMware Aria Operations privilege escalation vulnerability

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

Published: 2026-02-25

Score: 6.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

VMware Aria Operations contains a privilege escalation flaw. A user who already has vCenter access can use the vulnerability to obtain administrator rights within Aria Operations. This gives the attacker the ability to modify, delete, or create configurations, view sensitive data, and potentially impact other connected VMware services. The weakness maps to Improper Privilege Management (CWE‑269).

Affected Systems

Affected products include VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Infrastructure, and VMware Telco Cloud Platform. The advisory specifies fixes for Aria Operations 8.18.6 (for all 8.x releases) and Cloud Foundation Operations 9.0.2.0 (for all 9.x releases). Earlier versions of these products are considered vulnerable until the listed patches are applied.

Risk and Exploitability

The CVSS score of 6.2 indicates a medium severity; the EPSS score of less than 1% denotes a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely an authenticated scenario where the attacker already has some vCenter permissions and can then move into Aria Operations. An attacker would need ability to send requests to the Aria Operations API from a user with vCenter privileges to trigger the privilege escalation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

VMware

VMware Aria Operations

affected

Version	Status	Constraints
`8.18.0`	affected	< 8.18.6
`8.18.6`	unaffected	—

VMware

VMware Cloud Foundation

affected

Version	Status	Constraints
`4.0`	affected	< 5.2.3
`9.0`	affected	< 9.0.2
`5.2.3`	unaffected	—
`9.0.2`	unaffected	—

VMware

VMware Telco Cloud Platform

affected

Version	Status	Constraints
`4.0`	affected	< 5.2.3
`5.2.3`	unaffected	—

VMware

VMware Telco Cloud Infrastructure

affected

Version	Status	Constraints
`2.0`	affected	< 5.2.3
`5.2.3`	unaffected	—

Configuration 1 [-]

OR	cpe:2.3:a:vmware:aria_operations::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:telco_cloud_infrastructure::::::::
	cpe:2.3:a:vmware:telco_cloud_platform::::::::

No data.

Vendor Product Confidence Versions

Vmware

Aria Operations

86%

Version	Status	Scheme	Platform
`[8.18.0,8.18.6)`	affected	semver	—
`8.18.6`	unaffected	semver	—

Vmware

Cloud Foundation

87%

Version	Status	Scheme	Platform
`[4.0,5.2.3)`	affected	generic	—
`[9.0,9.0.2)`	affected	generic	—
`5.2.3`	unaffected	semver	—
`9.0.2`	unaffected	semver	—

Vmware

Telco Cloud Infrastructure

90%

Version	Status	Scheme	Platform
`[2.0,5.2.3)`	affected	generic	—
`5.2.3`	unaffected	semver	—

Vmware

Telco Cloud Platform

89%

Version	Status	Scheme	Platform
`[4.0,5.2.3)`	affected	generic	—
`5.2.3`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

To remediate CVE-2026-22721, apply the vendor patches listed in the 'Fixed Version' column of the Response Matrix in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 . Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x).

OpenCVE Recommended Actions

Apply the vendor patches listed in the response matrix of VMSA-2026-0001 for the identified affected versions.
Restrict vCenter accounts that have access to Aria Operations to the minimal required role set; remove or reduce any privilege that could facilitate the escalation.
Monitor Aria Operations for unexpected administrative activity and audit logs to detect potential exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 14:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html

History

Wed, 04 Mar 2026 16:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:vmware:aria_operations:::::::: cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:a:vmware:telco_cloud_infrastructure:::::::: cpe:2.3:a:vmware:telco_cloud_platform::::::::

Thu, 26 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware aria Operations Vmware cloud Foundation Vmware telco Cloud Infrastructure Vmware telco Cloud Platform
Vendors & Products		Vmware Vmware aria Operations Vmware cloud Foundation Vmware telco Cloud Infrastructure Vmware telco Cloud Platform

Wed, 25 Feb 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
Title		VMware Aria Operations privilege escalation vulnerability
Weaknesses		CWE-269
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L'}`

Subscriptions

Vmware Aria Operations Cloud Foundation Telco Cloud Infrastructure Telco Cloud Platform

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2026-02-25T20:00:15.719Z

Updated: 2026-02-27T04:55:47.793Z

Reserved: 2026-01-09T06:54:36.841Z

Link: CVE-2026-22721

Vulnrichment

Updated: 2026-02-26T14:07:43.355Z

NVD

Status : Analyzed

Published: 2026-02-25T21:16:40.277

Modified: 2026-03-04T15:54:26.430

Link: CVE-2026-22721

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:00:11Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object