By SC Staff
Publication Date: 2026-02-25 15:13:00
Broadcom has released security updates for VMware Aria Operations, addressing multiple vulnerabilities including high-severity flaws that could allow for remote code execution, according to a recent report by Security Affairs. VMware Aria Operations is an IT operations management platform used by organizations to monitor and optimize virtual, cloud, and hybrid environments, providing visibility and control over infrastructure.The most severe vulnerability, CVE-2026-22719, is a command injection flaw with a CVSS score of 8.1. This allows an unauthenticated attacker to execute arbitrary commands remotely, potentially leading to remote code execution, especially during support-assisted product migration. Additionally, a stored cross-site scripting (XSS) vulnerability, CVE-2026-22720 (CVSS 8.0), enables threat actors with benchmark creation privileges to inject scripts and perform administrative actions.A medium-severity privilege escalation flaw, CVE-2026-22721 (CVSS 6.2), was also…
