CVE-2026-22719
Description
CVE-2026-22719 is a high-severity command injection flaw in VMware Aria Operations allowing unauthenticated RCE. Patch affected systems immediately.
CPE
| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| aria_operations | 8.0 | 8.18.6 | vulnerable |
| cloud_foundation | 4.0 | 5.2.3 | vulnerable |
| cloud_foundation | 9.0 | 9.0.2.0 | vulnerable |
| telco_cloud_infrastructure | 2.2 | 3.0 | vulnerable |
| telco_cloud_platform | 4.0 | 5.1 | vulnerable |
Related weakness (CWE)
Remediation plan
Apply official patches
Follow the instructions in Broadcom's VMSA-2026-0001 advisory to apply the specific security patches for VMware Aria Operations and VMware Cloud Foundation.
Update affected systems
Upgrade VMware Aria Operations to version 8.18.6 or higher, and ensure Cloud Foundation is updated to version 5.2.3 or 9.0.2.0 as specified in the vendor response matrix.
Restrict access
Limit network access to the Aria Operations management interface to trusted administrative subnets and disable support-assisted migration features when not in use.
Monitor for exploitation
Review system logs for unusual shell command execution or unauthorized network connections originating from the Aria Operations appliance, particularly during migration windows.
Detection Guidance
Organizations should monitor Aria Operations logs for unexpected process spawns or shell commands initiated by web service accounts. Look for unusual outbound traffic from the management appliance, especially during migration activities. Network-based detection should focus on HTTP requests containing command injection payloads targeting migration-related endpoints. Reviewing Broadcom’s specific KB articles for file-based indicators or modified system configurations is also recommended.