By Lucian Constantin
Publication Date: 2026-02-25 08:48:00
Broadcom advises customers to upgrade to Aria Operations 8.18.6, as well as versions 5.2.3 or 9.0.2 VMware Cloud Foundation (VCF). VMware Telco Cloud Platform and Telco Cloud Infrastructure are also impacted because they include Aria Operations, the IT management component for private and multicloud environments.
Command injection and privilege escalation
Even though CVE-2026-22719 is an unauthenticated command injection flaw that can lead to remote code execution, the vulnerability is rated high rather than critical severity because it can only be exploited when support-assisted product migration is in progress, making widespread exploitation less likely.
By comparison in 2023 following the disclosure of a command injection flaw in Aria Operations for Networks, security companies detected almost 700,000 attack attempts.