CISA Flags VMware Vulnerability Amid Active Exploits

CISA Flags VMware Vulnerability Amid Active Exploits

Posted on By CWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include a new critical flaw affecting VMware Aria Operations. This inclusion highlights the active exploitation of the vulnerability identified as CVE-2026-22719, which poses a significant risk to enterprise security.

Understanding the Vulnerability

CVE-2026-22719 has been classified as a command injection vulnerability with a high severity score of 8.1 on the CVSS scale. This flaw enables unauthorized attackers to execute arbitrary commands, potentially leading to remote code execution during product migration processes in VMware Aria Operations. VMware’s advisory from late last month emphasized the severity of this issue.

In addition to this, two other vulnerabilities have been addressed: CVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, which could allow privilege escalation and administrative access.

Affected Products and Solutions

The vulnerabilities impact specific versions of VMware products, including VMware Cloud Foundation and VMware vSphere Foundation 9.x.x.x, which have been resolved in version 9.0.2.0, and VMware Aria Operations 8.x, fixed in version 8.18.6. For those unable to immediately implement the patch, VMware provides a shell script workaround to mitigate the risk.

Despite these measures, details on the exploitation methods, responsible parties, and overall scale remain unclear. Broadcom acknowledged reports of exploitation but has yet to confirm them independently.

Urgency for Federal Agencies

Given the active exploitation threats, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the necessary patches by March 24, 2026. This urgent directive underscores the critical nature of the vulnerability and the need for immediate action to safeguard against potential cybersecurity threats.

As developments continue, organizations are advised to stay informed and ensure their systems are updated to prevent compromise from these known vulnerabilities.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware The Hacker News
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware The Hacker News
What Should We Learn From How Attackers Leveraged AI in 2025? What Should We Learn From How Attackers Leveraged AI in 2025? The Hacker News
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited The Hacker News
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks The Hacker News
Why Organizations Are Turning to RPAM Why Organizations Are Turning to RPAM The Hacker News