Fixed Intel

CVE-2026-22721

Medium
CVSS 6.2

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

CVSS Score

6.2/ 10
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Weakness Classification (CWE)

CWE-269Improper Privilege ManagementMITRE

Related Articles (2)

Industry News

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.

Mar 4, 2026

Industry News

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

Weekly cybersecurity recap covering active exploits, AI abuse, exposed cloud assets, critical CVEs, and evolving threat trends.

Mar 2, 2026

References (2)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947security@vmware.comhttps://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.htmlsecurity@vmware.com

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity
Medium
CVSS
6.2
CWE
CWE-269
CISA KEV
No
Articles
2

Timeline

Published

Feb 25, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE