VMware Aria Operations Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2026-22719)
CISA has warned users about an actively exploited vulnerability in VMware Aria Operations by adding it to its Known Exploited Vulnerabilities Catalog. The vulnerability is tracked as CVE-2026-22719, and CISA urged users to patch it before March 24, 2026. Successful exploitation of this vulnerability may lead to the disclosure of sensitive information.
VMware Aria Operations is an AI-powered, unified IT management platform for monitoring, troubleshooting, and optimizing private, hybrid, and multi-cloud environments. It provides visibility into compute, storage, networking, and applications, enabling automated performance optimization, capacity planning, and compliance across VMware and public clouds.
Vulnerability Details
Broadcom has assigned an Important severity rating to the vulnerability, with a maximum CVSSv3 base score of 8.1. A malicious, unauthenticated actor may exploit the command injection vulnerability to execute arbitrary commands, potentially leading to remote code execution in VMware Aria Operations during support-assisted product migration.
Affected Products and Fixed Versions
| Product | Component | Version | Running On | Fixed Version |
| --- | --- | --- | --- | --- |
| VMware Cloud Foundation / VMware vSphere Foundation | VMware Cloud Foundation Operations | 9.x.x.x | Any | 9.0.2.0 |
| VMware Aria Operations | N/A | 8.x | Any | 8.18.6 |
| VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | Any | KB92148 |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | Any | KB428241 |
| VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | Any | KB428241 |
For more information about the mitigation, please refer to VMware Security Advisory (VMSA-2026-0001).
Workaround
The vendor suggests the following steps for users who cannot apply the patch immediately:
- Download the attached aria-ops-rce-workaround.sh script.
- Copy the script to each Aria Operations Virtual Appliance node:
  scp aria-ops-rce-workaround.sh root@OPS_NODE_FQDN_OR_IP:/root/
- Run the following commands on each node:
  ssh root@OPS_NODE_FQDN_OR_IP
  cd /root/
  chmod a+x ./aria-ops-rce-workaround.sh
  ./aria-ops-rce-workaround.sh
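The copy-and-run steps above applied to a whole cluster in one pass, with a per-node result so that no node is silently skipped. This is an added example, not the vendor's script or part of the advisory. It assumes key-based root SSH access, aria-ops-rce-workaround.sh in the current directory, and a hypothetical nodes.txt with one FQDN or IP per line; the function and variable names are this example's own.

```sh
#!/bin/sh
# Added example: apply the vendor workaround to every node in an inventory file.
SCRIPT="aria-ops-rce-workaround.sh"   # script name as given in the steps above
SCP="${SCP:-scp}"                     # overridable, e.g. for a dry run (assumption)
SSH="${SSH:-ssh}"

# Print node names from the inventory: skip blank lines and '#' comments,
# strip stray spaces, tabs and carriage returns.
read_nodes() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | tr -d '[:blank:]\r'
}

# Copy the script to one node and run it there.
# Returns 1 if the copy failed, 2 if the remote run failed.
apply_workaround() {
    node="$1"
    "$SCP" "$SCRIPT" "root@${node}:/root/" || return 1
    "$SSH" "root@${node}" \
        "cd /root/ && chmod a+x ./${SCRIPT} && ./${SCRIPT}" || return 2
}

# Apply to all nodes, print one status line per node,
# and return non-zero if any node failed.
rollout() {
    nodes_file="$1"
    failed=0
    [ -f "$SCRIPT" ] || { echo "missing $SCRIPT in $(pwd)" >&2; return 255; }
    for node in $(read_nodes "$nodes_file"); do
        if apply_workaround "$node"; then
            echo "OK     $node"
        else
            echo "FAILED $node"
            failed=$((failed + 1))
        fi
    done
    echo "nodes failed: $failed" >&2
    [ "$failed" -eq 0 ]
}

# Usage: sh rollout.sh nodes.txt
if [ "$#" -gt 0 ]; then
    rollout "$1"
fi
```

Re-run it against only the nodes reported as FAILED once the cause (unreachable host, rejected key) is fixed.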
Qualys Detection
Qualys customers can scan their devices with QID 733801 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
