CVE-2026-22719

KEV
Published: Feb 25, 2026 Last Modified: Mar 04, 2026
HIGH 8.1
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. 

To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the Response Matrix in VMSA-2026-0001: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the Response Matrix in VMSA-2026-0001: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score: 0.0033
Percentile: 0.6th

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Application

Cloud Foundation by VMware

Version Range Affected
From 9.0 (inclusive)
To 9.0.2.0 (exclusive)
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Cloud Foundation by VMware

Version Range Affected
From 4.0 (inclusive)
To 5.2.3 (exclusive)
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Application

Aria Operations by VMware

Version Range Affected
From 8.0 (inclusive)
To 8.18.6 (exclusive)
cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*
Application

Telco Cloud Infrastructure by VMware

Version Range Affected
From 2.2 (inclusive)
To 3.0 (inclusive)
cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*
Application

Telco Cloud Platform by VMware

Version Range Affected
From 4.0 (inclusive)
To 5.1 (inclusive)
cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026…
https://knowledge.broadcom.com/external/article/430349
https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware…