Broadcom Releases Security Update to Address Vulnerabilities in VMware Aria Operations

Security advisory addresses three vulnerabilities that could result in command injection, cross site scripting, and privilege escalation

Threat ID:: CC-4749
Threat Severity:: Medium
Published:: 4 March 2026 2:27 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security advisory addresses three vulnerabilities that could result in command injection, cross site scripting, and privilege escalation

Affected platforms

The following platforms are known to be affected:

VMware Aria Operations

All prior to 8.x

Note: VMware Aria Operations versions installed as part of VMware Telco Cloud Infrastructure, VMware Telco Cloud Platform, and VMware Cloud Foundation are also vulnerable.

VMware Cloud Foundation

All prior to 9.x.x.x

Threat details

Exploitation of CVE-2026-22719 in the wild

Security researchers have reported exploitation of CVE-2026-22719 in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-22719 to their Known Exploited Vulnerabilities (KEV) Catalog. The NHS England National CSOC assesses further exploitation as highly likely.

Introduction

Broadcom has released security updates to address vulnerabilities in VMware Aria Operations and Cloud Foundation components of VMware products.

The updates address 2 high severity and 1 medium severity vulnerabilities.

CVE-2026-22719 - "Command injection" vulnerability - CVSSv3 score of 8.1
CVE-2026-22720 - "Stored cross site scripting" vulnerability - CVSSv3 score of 8.0
CVE-2026-22721 - "Privilege escalation" vulnerability - CVSSv3 score of 6.2

Remediation advice

Affected organisations are encouraged to review Broadcom's VMSA-2026-0001.1 advisory and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947?utm_campaign=VCF_FY26_VCF_VMSA-2026-0001-UPD_MKT_CM_5376&utm_content=VCF_FY26_VCF_VMSA-2026-0001-UPD_5376_SecurityAlert_MKT_TRANS_EM_9730&utm_medium=email&utm_source=eloqua

CVE Vulnerabilities

Status Published

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.

Status Published

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.

Status Published

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations.

Last edited: 4 March 2026 2:27 pm