
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed VMware Aria Operations vulnerability (CVE-2026-22719) to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation in the wild. The flaw affects Broadcom VMware Aria Operations and poses a serious risk to organizations running vulnerable systems.
The vulnerability, tracked as CVE-2026-22719, carries a CVSS score of 8.1 and is classified as a command injection flaw. According to Broadcom, an unauthenticated attacker could exploit it during support-assisted product migration to execute arbitrary commands on affected systems, resulting in remote code execution (RCE).
Affected VMware Products
Broadcom has released security updates to address this vulnerability along with two additional issues:
- CVE-2026-22720 – Stored cross-site scripting (XSS) vulnerability
- CVE-2026-22721 – Privilege escalation vulnerability
The vulnerabilities affect the following products:
- VMware Cloud Foundation and VMware vSphere Foundation 9.x.x.x – fixed in version 9.0.2.0
- VMware Aria Operations 8.x – fixed in version 8.18.6
Organizations running these versions should update immediately to protect their infrastructure.
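As an added example (not from the article or from Broadcom), the following Python helper checks a host inventory against the fixed versions listed above, comparing versions numerically so that a build such as 8.18.10 is not mistaken for an older one than 8.18.6; the product keys and the sample inventory are constructed for illustration.

```python
# (affected major-version prefix, first fixed version) per product family,
# taken from the fixed versions listed in the advisory summary above.
FIXED_VERSIONS = {
    "aria-operations": ((8,), (8, 18, 6)),       # VMware Aria Operations 8.x -> 8.18.6
    "cloud-foundation": ((9,), (9, 0, 2, 0)),    # VMware Cloud Foundation 9.x.x.x -> 9.0.2.0
    "vsphere-foundation": ((9,), (9, 0, 2, 0)),  # VMware vSphere Foundation 9.x.x.x -> 9.0.2.0
}

def parse_version(text):
    """'8.18.5' -> (8, 18, 5). Numeric tuples compare correctly; a plain
    string comparison would wrongly rank '8.18.10' below '8.18.6'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_patch(product, version):
    """True if the build is in an affected train and older than the fix,
    False if it is already at or past the fix, None if the advisory does not cover it."""
    if product not in FIXED_VERSIONS:
        return None
    major_prefix, fixed = FIXED_VERSIONS[product]
    v = parse_version(version)
    if v[:len(major_prefix)] != major_prefix:
        return None                       # e.g. a 7.x build: not in the advisory
    v = v + (0,) * (len(fixed) - len(v))  # treat '9.0.2' as '9.0.2.0'
    return v < fixed

def triage(inventory):
    """Bucket (host, product, version) rows: the needs_patch list drives patching
    or the interim workaround, the other two buckets are for confirmation."""
    buckets = {"needs_patch": [], "patched": [], "not_covered": []}
    for host, product, version in inventory:
        status = needs_patch(product, version)
        key = "not_covered" if status is None else ("needs_patch" if status else "patched")
        buckets[key].append(host)
    return buckets

# Constructed sample inventory (hypothetical hostnames, not real systems).
SAMPLE_INVENTORY = [
    ("ariaops-01", "aria-operations", "8.18.5"),
    ("ariaops-02", "aria-operations", "8.18.6"),
    ("ariaops-03", "aria-operations", "8.18.10"),
    ("vcf-mgmt-01", "cloud-foundation", "9.0.1.0"),
    ("vcf-mgmt-02", "cloud-foundation", "9.0.2.0"),
    ("legacy-01", "aria-operations", "7.5.0"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```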
Temporary Workaround Available
For customers who cannot immediately install the patches, Broadcom recommends applying a temporary workaround. Administrators can download and execute the shell script aria-ops-rce-workaround.sh as root on each Aria Operations Virtual Appliance node to mitigate the risk until updates are deployed.
Active Exploitation Reported
Although CISA confirmed that the vulnerability is being actively exploited, there are currently no public details about the threat actors involved, the attack techniques used, or the scale of exploitation.
Broadcom stated that it is aware of reports suggesting real-world attacks but has not independently confirmed the exploitation activity.
Federal Agencies Must Patch by March 2026
Due to the active exploitation risk, Federal Civilian Executive Branch (FCEB) agencies are required to apply security fixes by March 24, 2026, in accordance with CISA’s KEV remediation requirements.
Security experts strongly recommend that organizations using VMware Aria Operations apply the latest patches immediately and monitor systems for suspicious activity to prevent potential compromise.
Source: https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html
