CVE-2026-22715 | THREATINT

Description

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1

PUBLISHED Reserved 2026-01-09 | Published 2026-02-26 | Updated 2026-02-26 | Assigner vmware

MEDIUM: 5.9CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Product status

Default status

affected

17.0 (custom) before 25H2U1

affected

25H2U1 (custom)

unaffected

Default status

affected

13.0 (custom) before 25H2U1

affected

25H2U1 (custom)

unaffected

Credits

Broadcom would like to thank Ao Wang, Yuxiang Yang, Ke Xu, Xuewei Feng, Qi Li, and Xueying Li for reporting this issue to us. reporter

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36986 vendor-advisory

cve.org (CVE-2026-22715)

nvd.nist.gov (CVE-2026-22715)

Download JSON