Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.

To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the same 'Response Matrix' in VMSA-2026-0001.

PUBLISHED Reserved 2026-01-09 | Published 2026-02-25 | Updated 2026-02-26 | Assigner vmware




HIGH: 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
affected

8.18.0 (custom) before 8.18.6
affected

8.18.6
unaffected

Default status
affected

9.0 (custom) before 9.0.2
affected

9.0.2 (custom)
unaffected

4.0 (custom) before 5.2.3
affected

5.2.3
unaffected

Default status
affected

2.0 (custom) before 5.2.3
affected

5.2.3 (custom)
unaffected

Default status
affected

2.0 (custom) before 5.2.3
affected

5.2.3
unaffected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36947 (VMSA-2026-0001: VMware Aria Operations updates (includes CVE-2026-22719)) vendor-advisory

knowledge.broadcom.com/external/article/430349 (KB430349: Workaround instructions for CVE-2026-22719) mitigation

techdocs.broadcom.com/...-operations-8186-release-notes.html (VMware Aria Operations 8.18.6 Release Notes (resolves CVE-2026-22719)) release-notes

cve.org (CVE-2026-22719)

nvd.nist.gov (CVE-2026-22719)
