DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-22719: CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations

#security #cve #cybersecurity

CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations

Vulnerability ID: CVE-2026-22719
CVSS Score: 8.1
Published: 2026-02-25

A high-severity command injection vulnerability exists in the support-assisted product migration interface of VMware Aria Operations (formerly vRealize Operations). The flaw allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges, provided the target system is actively undergoing a support-assisted migration. This vulnerability has been identified in active exploitation campaigns and added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

TL;DR

Unauthenticated Remote Code Execution (RCE) in VMware Aria Operations via the migration service. Rated CVSS 8.1 (High) due to high attack complexity (requires active migration state). Actively exploited in the wild.

⚠️ Exploit Status: ACTIVE

Technical Details

  • CVSS v3.1: 8.1 (High)
  • Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CWE: CWE-77 (Command Injection)
  • EPSS Score: 10.76%
  • EPSS Percentile: 93.20%
  • KEV Status: Listed (Active Exploitation)

Affected Systems

  • VMware Aria Operations 8.0 - 8.18.5
  • VMware Aria Operations 9.0.0 - 9.0.1
  • VMware Cloud Foundation (Operations) 4.x - 5.2.2
  • VMware Cloud Foundation (Operations) 9.0 - 9.0.1
  • VMware Telco Cloud Platform 4.0 - 5.1
  • VMware Telco Cloud Infrastructure 2.2 - 3.0
  • VMware Aria Operations: 8.0 - 8.18.5 (Fixed in: 8.18.6)
  • VMware Aria Operations: 9.0.0 - 9.0.1 (Fixed in: 9.0.2)

Mitigation Strategies

  • Apply vendor patches immediately.
  • Apply the shell script workaround (KB430349) if patching is delayed.
  • Restrict network access to Aria Operations management interfaces.
  • Monitor for shell execution events on Aria Operations appliances.

Remediation Steps:

  1. Identify the current version of VMware Aria Operations.
  2. Download the appropriate patch (8.18.6 or 9.0.2) from the Broadcom support portal.
  3. Snapshot the appliance before applying updates.
  4. Apply the update via the admin interface.
  5. Verify the version number post-update.

References

Read the full report for CVE-2026-22719 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)