Cyber Resilience

CVE-2026-22719

HighCISA KEVActive ExploitationEUVD ExploitedRCE

Published: 25 February 2026

Published
25 February 2026
Modified
04 March 2026
KEV Added
03 March 2026
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1742 96.7th percentile
Risk Priority 100 floored blend · peak EPSS

Summary

CVE-2026-22719 is a high-severity Command Injection (CWE-77) vulnerability in Vmware Cloud Foundation. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

VMware Aria Operations is affected by CVE-2026-22719, a command injection vulnerability (CWE-77) with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Published on 2026-02-25, the flaw allows arbitrary command execution, potentially leading to remote code execution specifically while support-assisted product migration is in progress.

A malicious unauthenticated actor can exploit this vulnerability over the network with no privileges required and no user interaction needed, though it involves high attack complexity. Successful exploitation enables execution of arbitrary commands on the affected VMware Aria Operations instance, resulting in high confidentiality, integrity, and availability impacts.

Broadcom's VMSA-2026-0001 advisory, detailed in the Response Matrix at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947, recommends applying patches listed in the 'Fixed Version' column. Workarounds are also documented in the 'Workarounds' column of the same matrix.

The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog, indicating real-world exploitation activity. Additional details are available in Broadcom's knowledge base at https://knowledge.broadcom.com/external/article/430349 and release notes at https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate…

more

CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001

CWE(s)
KEV Date Added
03 March 2026

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2026-22719 is a command injection vulnerability in a network-accessible VMware Aria Operations instance (AV:N/PR:N), enabling unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22225Same product: Vmware Cloud Foundationboth on KEV
CVE-2025-22224Same product: Vmware Cloud Foundationboth on KEV
CVE-2026-22721Same product: Vmware Aria Operations
CVE-2026-22720Same product: Vmware Aria Operations
CVE-2025-22226Same product: Vmware Cloud Foundationboth on KEV
CVE-2026-22747Same vendor: Vmware
CVE-2025-29635Shared CWE-77both on KEV
CVE-2026-22753Same vendor: Vmware
CVE-2026-40972Same vendor: Vmware
CVE-2026-40976Same vendor: Vmware

Affected Assets

vmware
aria operations
8.0 — 8.18.6
vmware
cloud foundation
4.0 — 5.2.3 · 9.0 — 9.0.2.0
vmware
telco cloud infrastructure
2.2 — 3.0
vmware
telco cloud platform
4.0 — 5.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the command injection vulnerability by requiring timely identification, testing, and deployment of patches specified in VMSA-2026-0001 for VMware Aria Operations.

prevent

Prevents command injection exploitation by enforcing input validation and error handling at entry points used during support-assisted product migration.

prevent

Ensures awareness of and response to security advisories like VMSA-2026-0001 and CISA KEV catalog entries for this known exploited vulnerability in VMware Aria Operations.

References