The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.
Broadcom also warned that it is aware of reports indicating the vulnerability is exploited but says it cannot independently confirm the claims.
VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.
The vulnerability was originally disclosed and patched on February 24, 2026, as part of VMware’s VMSA-2026-0001 advisory, which was rated Important with a CVSS score of 8.1.
The flaw has now been added to the CISA’s Known Exploited Vulnerabilities (KEV) catalog, with the US cyber agency requiring federal civilian agencies to address the issue by March 24, 2026.
In a recent update to the advisory, Broadcom said it is aware of reports…
