LeakyCreds

CVE-2026-22719 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: February 27, 2026

VMware Aria Operations - Command Injection

Published: February 25, 2026 | Updated: February 27, 2026 | Remote Exploitable

Overview

VMware Aria Operations contains a command injection vulnerability caused by improper input handling during support-assisted product migration. It lets unauthenticated attackers execute arbitrary commands remotely. Exploitation requires a migration to be in progress.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 735.3% (Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary commands remotely, potentially leading to full remote code execution.

Mitigation

Apply patches listed in the 'Fixed Version' column of the Response Matrix in VMSA-2026-0001.

Social Media Activity (6 posts)

BeyondMachines :verified:
@beyondmachines1
Mar 5, 2026

CISA Reports Active Exploitation of VMware Aria Operations CISA reports active exploitation of a VMware Aria Operations command injection vulnerability (CVE-2026-22719). **If you are using VMware Aria Operations, this is urgent. Your systems are under attack, so patch ASAP. If you can't patch, run the official workaround script to disable the migration service and block the primary attack path.** #cybersecurity #infosec #attack #activeexploit https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-vmware-aria-operations-7-q-1-u-p/gD2P6Ple2L

jbz
@jbz
Mar 5, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. https://www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/ #cybersecurity

Jeff Hall - PCIGuru :verified:
@jbhall56
Mar 4, 2026

The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/

ZEN SecDB
@secdb
Mar 4, 2026

🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385

⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719

OverSecurity
@oversecurity
Mar 3, 2026

CISA flags VMware Aria Operations RCE flaw as exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its... 🔗️ [Bleepingcomputer] https://link.is.it/bR3nUY

CISA KEV Tracker
@cisakevtracker
Mar 3, 2026

CVE ID: CVE-2026-22719
Vendor: Broadcom
Product: VMware Aria Operations
Date Added: 2026-03-03
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22719


Details

CVE ID: CVE-2026-22719
Severity: High
CVSS Score: 8.1
Type: command_injection
Status: unconfirmed
EPSS: 735.3%
Social Posts: 6

CWE

  • CWE-77

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

735.3% (Probability of exploitation in the next 30 days)