Out-of-Bound Read Vulnerability in VMware Workstation by VMware
CVE-2026-22717

2.7LOW

Key Information:

Vendor: Vmware
Status: Workstation
Vendor: CVE Published:; 27 February 2026

What is CVE-2026-22717?

An out-of-bound read vulnerability exists in VMware Workstation versions 25H1 and earlier, which could be exploited by an attacker with non-administrative access to a guest virtual machine. This flaw allows potential information disclosure from the host machine where VMware Workstation is installed, posing risks to data security and user privacy.

Affected Version(s)

Workstation 25H2 < 25H1U1

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2026-22717 Data

JSON

Vmware

What is CVE-2026-22717?

Affected Version(s)

References

CVSS V3.1

Timeline