The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Identified Exploited Vulnerabilities catalog, flagging the flaw as exploited in assaults.
Broadcom additionally warned that it’s conscious of stories indicating the vulnerability is exploited however says it can not independently verify the claims.
VMware Aria Operations is an enterprise monitoring platform that helps organizations monitor the efficiency and well being of servers, networks, and cloud infrastructure.
The vulnerability was initially disclosed and patched on February 24, 2026, as a part of VMware’s VMSA-2026-0001 advisory, which was rated Necessary with a CVSS rating of 8.1.
The flaw has now been added to the CISA’s Identified Exploited Vulnerabilities (KEV) catalog, with the US cyber company requiring federal civilian businesses to deal with the problem by March 24, 2026.
In a latest replace to the advisory, Broadcom mentioned it’s conscious of stories indicating the vulnerability is exploited in assaults however can not verify the claims.
“Broadcom is conscious of stories of potential exploitation of CVE-2026-22719 within the wild, however we can not independently verify their validity,” states the up to date advisory.
Right now, no technical particulars about how the flaw could also be exploited have been publicly disclosed.
BleepingComputer contacted Broadcom with questions relating to the reported exercise, however has not acquired a response.
The command injection flaw
In accordance with Broadcom, CVE-2026-22719 is a command injection vulnerability that enables an unauthenticated attacker to execute arbitrary instructions on weak techniques.
“A malicious unauthenticated actor could exploit this difficulty to execute arbitrary instructions which can result in distant code execution in VMware Aria Operations whereas support-assisted product migration is in progress,” the advisory explains.
Broadcom launched safety patches on February 24 and in addition supplied a brief workaround for organizations unable to use the patches instantly.
The mitigation is a shell script named “aria-ops-rce-workaround.sh,” which have to be executed as root on every Aria Operations equipment node.
The script disables parts of the migration course of that could possibly be abused throughout exploitation, together with eradicating the “/usr/lib/vmware-casa/migration/vmware-casa-migration-service.sh” and the next sudoers entry that enables vmware-casa-workflow.sh to run as root and not using a password:
NOPASSWD: /usr/lib/vmware-casa/bin/vmware-casa-workflow.sh
Admins are suggested to use obtainable VMware Aria Operations safety patches or implement workarounds as quickly as doable, particularly if the flaw is being actively exploited in assaults.
Malware is getting smarter. The Crimson Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your safety stack is blinded.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a world community of future-focused thinkers.
Unlock tomorrow’s tendencies at present: learn extra, subscribe to our publication, and grow to be a part of the NextTech neighborhood at NextTech-news.com
