CVE-2026-22719
CISA KEVPublished March 3, 2026 · Updated April 3, 2026
What This Means
**CVE-2026-22719: VMware Aria Operations Unauthenticated Command Injection** Broadcom VMware Aria Operations contains a command injection flaw that allows unauthenticated attackers to execute arbitrary commands during support-assisted migrations, enabling remote code execution without authentication. An attacker exploiting this vulnerability gains full code execution on the affected system, allowing data exfiltration, lateral movement, and infrastructure compromise. **Action items:** Immediately identify all VMware Aria Operations instances in your environment. Apply Broadcom's security patch when available. If patching cannot be completed immediately, restrict network access to the migration functionality and disable support-assisted migrations until remediation is complete. Monitor affected systems for suspicious process execution and unusual command activity.
Official Description+
Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.
Affected Products
| Vendor | Product |
|---|---|
| Broadcom | VMware Aria Operations |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-22719.