CVE-2026-22722 | THREATINT

Description

A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'

PUBLISHED Reserved 2026-01-09 | Published 2026-02-26 | Updated 2026-02-26 | Assigner vmware

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status

affected

17.0 (custom) before 25H2u1

affected

25H2u1 (custom)

unaffected

Credits

Broadcom would like to thank dread (d7ead) for reporting this issue to us. reporter

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36986 vendor-advisory

cve.org (CVE-2026-22722)

nvd.nist.gov (CVE-2026-22722)

Download JSON