Description
A malicious actor with authenticated user privileges on a Windows-based Workstation host may be able to cause a null pointer dereference error. To remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'.
Published: 2026-02-26
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

A null pointer dereference in VMware Workstation for Windows can cause a software crash when an authenticated user triggers it, leading to a loss of service for the workstation. This flaw does not enable code execution or data exfiltration but results in a denial of service for the local host. The weakness is classified as CWE‑476.

Affected Systems

VMware Workstation software running on Windows operating systems is affected. Specific version information is not provided in the advisory; any installations of VMware Workstation that have not applied the advertised patches are vulnerable.

Risk and Exploitability

The CVSS score of 6.1 indicates a medium severity. The EPSS score is reported as less than 1%, suggesting exploitation is unlikely but still possible in environments where an attacker has local authenticated access. Because the flaw requires local authentication and is not listed in the CISA KEV catalog, the risk is moderate with low probability of exploitation.

Generated by OpenCVE AI on April 18, 2026 at 17:35 UTC.

Remediation

Vendor Solution

To remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'.


OpenCVE Recommended Actions

  • Update VMware Workstation to a version that includes the fixed patches listed in the Response Matrix.
  • Restrict VMware Workstation usage to trusted authenticated users and enforce least‑privilege policies.
  • Enable monitoring and alerting for VMware Workstation crashes to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 27 Feb 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Vmware; Vmware workstation |
| Vendors & Products | | Vmware; Vmware workstation |

Thu, 26 Feb 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A malicious actor with authenticated user privileges on a Windows-based Workstation host may be able to cause a null pointer dereference error. To remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'. |
| Title | | VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash |
| Weaknesses | | CWE-476 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-02-27T17:54:16.126Z

Reserved: 2026-01-09T06:54:36.841Z

Link: CVE-2026-22722

Vulnrichment

Updated: 2026-02-27T17:54:12.764Z

NVD

Status: Deferred

Published: 2026-02-26T19:32:38.057

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22722

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:45:06Z

Weaknesses