Key facts: Broadcom data breach
- Date reported: January 23, 2026.
- Vulnerability: CVE-2024-37079 (critical heap-overflow flaw).
- Affected software: VMware vCenter Server versions 7.0 and 8.0, and VMware Cloud Foundation 4.x and 5.x.
- Impact: Remote code execution (RCE) via crafted network packets.
- Severity: Critical (CVSS score 9.8), despite some initial reports categorizing the incident severity as low.
- Status: Actively exploited in the wild and added to CISA's Known Exploited Vulnerabilities Catalog on January 23, 2026.
What happened in the Broadcom data breach?
Broadcom (broadcom.com) reported a security incident involving an actively exploited vulnerability on January 23, 2026. The initial disclosure did not attribute the exploitation to any specific threat actor. The incident centers on a critical out-of-bounds write flaw in VMware vCenter Server, tracked as CVE-2024-37079.
The vulnerability allows attackers with network access to the vCenter Server to send crafted packets, potentially leading to remote code execution. Although the CVSS score is high, the incident report categorizes the overall incident severity as low. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its catalog of known exploited vulnerabilities, noting its potential use in ransomware campaigns. Incidents of this kind put both the organization's network integrity and its virtualization infrastructure at risk.
Who is behind the incident?
The attacker or cause of the incident has not been identified. However, security researchers have noted that the vulnerability, originally patched in June 2024, began seeing active exploitation in late 2025 and early 2026, suggesting that sophisticated threat actors are targeting unpatched legacy systems.
Impact and risks for Broadcom customers
For customers running affected VMware software, the principal risks are unauthorized system access and service disruption. If exploited, the flaw gives attackers remote code execution on the vCenter Server, which can lead to credential abuse or the deployment of malicious software within the virtualization environment. Vulnerabilities of this type can also be leveraged for identity theft or phishing campaigns aimed at the administrative users who manage critical infrastructure.
Typical outcomes of such exploits include loss of control over the virtualization environment and data exfiltration. Organizations should prioritize patching and network segmentation to mitigate these risks. Being transparent about patching status and overall security posture also limits long-term exposure for customers, partners and other stakeholders.
Frequently asked questions
What happened in the Broadcom security breach?
On January 23, 2026, Broadcom confirmed that a critical heap-overflow vulnerability in VMware vCenter Server (CVE-2024-37079) is being actively exploited. The flaw allows unauthenticated attackers with network access to achieve remote code execution on the server by sending specially crafted packets over the DCERPC protocol.
When did the Broadcom breach occur?
The vulnerability was first patched in June 2024, but evidence of active exploitation in the wild emerged in January 2026. CISA added the flaw to its Known Exploited Vulnerabilities Catalog on January 23, 2026, requiring federal agencies to remediate it within three weeks.
What data was exposed?
While the types of data involved in specific Broadcom customer incidents have not been disclosed, a successful exploitation of this flaw allows for total administrative control. This means attackers could potentially access all virtual machines, system logs, and administrative credentials stored within the vCenter environment.
Is my personal information at risk?
If you are an administrator or user at an organization that runs VMware vCenter Server, your credentials and the data hosted on the virtual machines it manages could be at risk. Because control of vCenter gives an attacker a foothold for lateral movement across the managed hosts, exploitation of this flaw is often a precursor to larger ransomware attacks.
What steps should companies take after being impacted by the Broadcom data breach?
Broadcom and CISA recommend that organizations immediately apply the latest patches for vCenter Server 7.0 and 8.0 (and the corresponding VMware Cloud Foundation releases). Companies should also isolate vCenter management interfaces from the public internet, restrict them to approved administrative networks, review their internal security controls, and use attack surface management tooling to identify any remaining exposed instances.
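One way to act on the isolation advice above is to verify it against firewall logs. The following is an added example, not code from Broadcom, CISA or this page: a small Python check that flags sessions reaching vCenter management addresses from outside an approved administrative network, and separately flags any session that arrives from outside the organization's internal address space. The log format, the vCenter host inventory, the admin network and every IP address in it are constructed for the example; the public-looking addresses come from the RFC 5737 documentation ranges.

```python
"""Flag connections to vCenter management interfaces that violate a segmentation policy.

Added example (not part of the page). Log format, inventory and addresses are assumed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample firewall log lines. Assumed format:
# "<timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
SAMPLE_LOG = """\
2026-01-23T10:01:02Z src=10.50.1.20 dst=10.10.0.5 dport=443 action=allow
2026-01-23T10:01:09Z src=192.0.2.77 dst=10.10.0.5 dport=443 action=allow
2026-01-23T10:02:15Z src=10.20.3.4 dst=10.10.0.5 dport=5480 action=allow
2026-01-23T10:03:40Z src=198.51.100.9 dst=10.10.0.6 dport=443 action=deny
2026-01-23T10:04:01Z src=10.50.1.21 dst=10.10.0.6 dport=443 action=allow
2026-01-23T10:05:30Z src=10.20.3.9 dst=10.77.7.7 dport=443 action=allow
"""

# Assumed inventory: the vCenter appliances whose management interfaces we care about.
VCENTER_HOSTS = {ipaddress.ip_address("10.10.0.5"), ipaddress.ip_address("10.10.0.6")}
# Assumed policy: only the admin jump network may reach those interfaces.
MGMT_NETWORKS = [ipaddress.ip_network("10.50.1.0/24")]
# RFC 1918 space; anything outside it counts as external for this check.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass
class Finding:
    line: str
    src: str
    dst: str
    category: str


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def parse_line(line):
    """Return (src, dst, action) for one log line, or None if it does not match the assumed format."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    try:
        return (
            ipaddress.ip_address(fields["src"]),
            ipaddress.ip_address(fields["dst"]),
            fields["action"],
        )
    except (KeyError, ValueError):
        return None


def classify(src, dst, action, vcenter_hosts=VCENTER_HOSTS, mgmt_networks=MGMT_NETWORKS):
    """Categorize one session against the segmentation policy; None means no finding."""
    if dst not in vcenter_hosts:
        return None
    if not _in_any(src, INTERNAL_NETWORKS):
        # Traffic from outside the organization reached (or was blocked at) the vCenter address:
        # an allowed session means the interface is internet-exposed right now.
        return "internet-exposed" if action == "allow" else "external-attempt-blocked"
    if _in_any(src, mgmt_networks):
        return None  # expected administrative access
    # Internal host outside the admin network reached vCenter: segmentation is not enforced.
    return "segmentation-violation" if action == "allow" else None


def analyze(log_text, vcenter_hosts=VCENTER_HOSTS, mgmt_networks=MGMT_NETWORKS):
    """Run the check over a block of log text and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, action = parsed
        category = classify(src, dst, action, vcenter_hosts, mgmt_networks)
        if category:
            findings.append(Finding(line, str(src), str(dst), category))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.category:26} {f.src} -> {f.dst}")
```

On the constructed input the check produces three findings: an allowed session from a non-internal address (the interface is reachable from outside), an allowed session from an internal host that is not on the admin network (segmentation not enforced), and a blocked external attempt, which is worth recording because it shows the path exists even though the firewall held. Traffic from the admin network and traffic to hosts outside the inventory produce no finding.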