Fixed Intel

CVE-2026-22720

High
CVSS 8

Description

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.  To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// .

CVSS Score

8/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-79Cross-site Scripting (XSS)MITRE

Related Articles (2)

Industry News

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.

Mar 4, 2026

Industry News

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

Weekly cybersecurity recap covering active exploits, AI abuse, exposed cloud assets, critical CVEs, and evolving threat trends.

Mar 2, 2026

References (2)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947security@vmware.comhttps://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.htmlsecurity@vmware.com

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity
High
CVSS
8
CWE
CWE-79
CISA KEV
No
Articles
2

Timeline

Published

Feb 25, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE