Vulnerabilities in VMware Aria: RCE Attack

On February 24, 2026, Broadcom released security advisory VMSA-2026-0001, identifying three vulnerabilities in VMware Aria Operations, including one that allows remote code execution. Organizations running affected products should make patching a top priority to reduce the risk of exploitation.
Command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2) vulnerabilities affect VMware Aria Operations, a crucial part of products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure. The most serious vulnerability, CVE-2026-22719, gives unauthenticated attackers the ability to run arbitrary commands during support-assisted product migrations, which could result in full remote code execution.
CVE-2026-22720 allows privileged users who can create custom benchmarks to inject scripts that carry out administrative actions, while CVE-2026-22721 allows vCenter users with access to escalate to admin rights in Aria Operations. Every issue is classified as Important severity, and patches are currently available for all affected versions.

| CVE ID | Description |
|---|---|
| CVE-2026-22719 | Command injection that unauthenticated actors can exploit during migrations, leading to RCE |
| CVE-2026-22720 | Stored XSS via custom benchmarks, enabling admin actions |
| CVE-2026-22721 | Privilege escalation from vCenter user to admin rights in Aria Operations |

Affected Versions and Fixes

Affected deployments include VMware Aria Operations 8.x and earlier bundles in Cloud Foundation 9.x/5.x/4.x, Telco Cloud Platform 5.x/4.x, and Telco Cloud Infrastructure 3.x/2.x.
The urgency of upgrades is highlighted by the fact that while there is a workaround for CVE-2026-22719 via KB430349, there is none for the others.
Fixes in versions such as Cloud Foundation 9.0.2.0 and Aria Operations 8.18.6 are confirmed in release notes.

| Product | Component | Affected Versions | Fixed Version | Workaround |
|---|---|---|---|---|
| VMware Cloud Foundation / VMware vSphere Foundation | Operations | 9.x | 9.0.2.0 | KB430349 (CVE-2026-22719) |
| VMware Aria Operations | N/A | 8.x | 8.18.6 | KB430349 (CVE-2026-22719) |
| VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | KB92148 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | KB428241 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | KB428241 | KB430349 (CVE-2026-22719) |

Because exploitation during migrations could jeopardize cloud operations, administrators must quickly apply updates and confirm deployments against the matrix. Credit goes to reporters Lorin Lehawany (ERNW), Sven Nobis, and Tobias Anders (Deutsche Telekom Security).
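One way to confirm deployments against the matrix is a small triage script. This is an added example, not code from Broadcom or from this article. The inventory, host names and product labels are constructed, and the fixed versions and KB numbers are the ones listed above.

```python
import re

# Fix matrix as listed in the article: (product, affected majors, fixed version or KB).
MATRIX = [
    ("VMware Cloud Foundation", {9}, "9.0.2.0"),
    ("VMware Aria Operations", {8}, "8.18.6"),
    ("VMware Cloud Foundation", {5, 4}, "KB92148"),
    ("VMware Telco Cloud Platform", {5, 4}, "KB428241"),
    ("VMware Telco Cloud Infrastructure", {3, 2}, "KB428241"),
]
INTERIM = "KB430349 mitigates CVE-2026-22719 only"

# Constructed sample inventory (host names and versions are made up).
INVENTORY = [
    ("ops-prod", "VMware Aria Operations", "8.18.3"),
    ("ops-lab", "VMware Aria Operations", "8.18.6"),
    ("vcf-east", "VMware Cloud Foundation", "9.0.1.0"),
    ("vcf-legacy", "VMware Cloud Foundation", "5.2"),
]

def parse_version(text):
    """Turn '8.18.6' into (8, 18, 6); reject anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version):
    """Return (status, action) for one deployment."""
    ver = parse_version(version)
    for name, majors, fix in MATRIX:
        if name != product or ver[0] not in majors:
            continue
        if fix.startswith("KB"):
            # Fix ships via a KB article, so a version string cannot confirm it.
            return ("verify", f"follow {fix} ({INTERIM})")
        fixed = parse_version(fix)
        width = max(len(ver), len(fixed))
        pad = lambda v: v + (0,) * (width - len(v))  # so 9.0.2 == 9.0.2.0
        if pad(ver) >= pad(fixed):
            return ("fixed", "none")
        return ("vulnerable", f"upgrade to {fix} ({INTERIM})")
    return ("not-listed", "check VMSA-2026-0001")

def report(inventory):
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:12} {status:11} {action}")
```

Rows whose fix is a KB article return `verify` rather than `fixed`, because a version number alone cannot show that the KB procedure was applied.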












