On February 24, 2026, Broadcom released security advisory VMSA-2026-0001, detailing three significant vulnerabilities in VMware Aria Operations. The flaws include a risk of remote code execution, so organizations running the affected products should patch immediately.
Understanding the Vulnerabilities
VMware Aria Operations is integral to platforms like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure. The vulnerabilities identified are command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2). The most severe, CVE-2026-22719, allows attackers without authentication to execute arbitrary commands during support-assisted migrations, potentially leading to full remote code execution.
CVE-2026-22720 is the stored cross-site scripting flaw: a privileged user who can create custom benchmarks can inject script to carry out administrative actions. CVE-2026-22721 lets vCenter users escalate to admin rights in Aria Operations. All three vulnerabilities are rated Important, and patches are now available.
Versions Affected and Solutions
The vulnerabilities impact VMware Aria Operations 8.x and earlier versions within Cloud Foundation 9.x/5.x/4.x, Telco Cloud Platform 5.x/4.x, and Telco Cloud Infrastructure 3.x/2.x. A workaround for CVE-2026-22719 is available in KB430349. No workarounds exist for the other two vulnerabilities, which makes applying the updates urgent. Fixes have been confirmed in releases such as Aria Operations 8.18.6 and Cloud Foundation 9.0.2.0.
Administrators are advised to consult the product matrix and apply necessary upgrades without delay to avert potential exploitation during system migrations, which could seriously compromise cloud operations.
Next Steps for IT Administrators
IT administrators should review their deployments against the advisory matrix and apply the updates promptly to keep cloud operations secure and prevent exploitation by unauthorized actors. Security researchers Tobias Anders, Sven Nobis, and Lorin Lehawany are acknowledged for identifying these vulnerabilities.
