Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks

vm_admin
Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks

By Guru Baran
Publication Date: 2026-02-24 09:57:00

VMware Aria Vulnerabilities RCE Attack

Broadcom issued security advisory VMSA-2026-0001 on February 24, 2026, disclosing three vulnerabilities in VMware Aria Operations that pose risks, including remote code execution. Organizations using affected products should prioritize patching to mitigate potential exploits.

VMware Aria Operations, a key component in products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, faces command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2) flaws.

The most critical issue, CVE-2026-22719, allows unauthenticated attackers to execute arbitrary commands during support-assisted product migrations, potentially leading to full remote code execution.

CVE-2026-22720 enables privileged users to create custom benchmarks to inject scripts for administrative actions, while CVE-2026-22721 lets…

Related Posts