Command Injection Vulnerability in VMware Aria Operations
CVE-2026-22719

8.1HIGH

Key Information:

Vendor

Vmware
Status
Aria Operations
Cloud Foundationcust
Telco Cloud Platform
Telco Cloud Infrastructure
Vendor
CVE Published:
25 February 2026

What is CVE-2026-22719?

VMware Aria Operations is affected by a command injection vulnerability that can be exploited by malicious unauthenticated users. This vulnerability may allow attackers to execute arbitrary commands during product migrations, which can potentially lead to unauthorized remote code execution. It is essential for users of VMware Aria Operations to apply the necessary patches as outlined in the security advisories, and to consider documented workarounds to mitigate risk while ensuring the security of their operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aria Operations 8.18.0

Aria Operations 8.18.0 < 8.18.6

Cloud Foundationcust 9.0

References

https://support.broadcom.com/web/ecx/support-content-noti...
vendor-advisory
https://knowledge.broadcom.com/external/article/430349
mitigation
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-...
release-notes

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.