CVE-2026-22719
Published: 25 February 2026
Summary
CVE-2026-22719 is a high-severity Command Injection (CWE-77) vulnerability in Vmware Cloud Foundation. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the command injection vulnerability by requiring timely identification, testing, and deployment of patches specified in VMSA-2026-0001 for VMware Aria Operations.
Prevents command injection exploitation by enforcing input validation and error handling at entry points used during support-assisted product migration.
Ensures awareness of and response to security advisories like VMSA-2026-0001 and CISA KEV catalog entries for this known exploited vulnerability in VMware Aria Operations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2026-22719 is a command injection vulnerability in a network-accessible VMware Aria Operations instance (AV:N/PR:N), enabling unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate…
more
CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Deeper analysisAI
VMware Aria Operations is affected by CVE-2026-22719, a command injection vulnerability (CWE-77) with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Published on 2026-02-25, the flaw allows arbitrary command execution, potentially leading to remote code execution specifically while support-assisted product migration is in progress.
A malicious unauthenticated actor can exploit this vulnerability over the network with no privileges required and no user interaction needed, though it involves high attack complexity. Successful exploitation enables execution of arbitrary commands on the affected VMware Aria Operations instance, resulting in high confidentiality, integrity, and availability impacts.
Broadcom's VMSA-2026-0001 advisory, detailed in the Response Matrix at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947, recommends applying patches listed in the 'Fixed Version' column. Workarounds are also documented in the 'Workarounds' column of the same matrix.
The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog, indicating real-world exploitation activity. Additional details are available in Broadcom's knowledge base at https://knowledge.broadcom.com/external/article/430349 and release notes at https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html.
Details
- CWE(s)
- KEV Date Added
- 03 March 2026