Broadcom released patches for several vulnerabilities in VMware Aria Operations: two high-severity flaws, a command injection that can lead to remote code execution and a stored XSS, plus a medium-severity privilege escalation. The most severe is CVE-2026-22719, a command injection exploitable by unauthenticated attackers. Fixes are delivered in VMware Cloud Foundation and vSphere Foundation 9.0.2.0 and in Aria Operations 8.18.6.
Key points
- Broadcom patched multiple vulnerabilities in VMware Aria Operations, including high-severity issues.
- CVE-2026-22719 (CVSS 8.1) is a command injection that can allow unauthenticated attackers to execute arbitrary commands.
- CVE-2026-22720 (CVSS 8.0) is a stored XSS that lets users who can create custom benchmarks inject scripts to perform administrative actions.
- CVE-2026-22721 is a medium-severity privilege escalation vulnerability that can lead to administrative access.
- Patches are included in VMware Cloud Foundation and vSphere Foundation 9.0.2.0 and Aria Operations 8.18.6, and Broadcom did not report in-the-wild exploitation.
Read More: https://www.securityweek.com/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/