Security Advisory: VMware Aria Operations Vulnerabilities May Lead to Remote Compromise


Broadcom has released security updates to address multiple vulnerabilities in VMware Aria Operations, an IT operations management platform that monitors and optimizes virtual, cloud, and hybrid environments. The solution provides performance monitoring, capacity planning, automated alerting, and cost analysis, enabling organizations to gain centralized visibility and operational control over their infrastructure to maintain efficiency, reliability, and compliance.

Vulnerability Details

CVE-2026-22719 – VMware Aria Operations command injection vulnerability

Description:
CVE-2026-22719 is a command injection vulnerability with a CVSS score of 8.1 that could potentially lead to remote code execution. The flaw can be exploited remotely by an unauthenticated attacker; however, exploitation is only possible while support-assisted product migration is actively in progress.

Impact:

  • Remote Code Execution (RCE)
  • System Takeover

CVE-2026-22720 – VMware Aria Operations stored cross-site scripting vulnerability

Description:
CVE-2026-22720 is a stored cross-site scripting (XSS) vulnerability with a CVSS score of 8.0. An attacker with privileges to create custom benchmarks can inject malicious scripts, which may be executed in a privileged user’s browser and leveraged to perform unauthorized administrative actions within VMware Aria Operations.

Impact:

  • Administrative Takeover
  • Session Hijacking

CVE-2026-22721 – VMware Aria Operations privilege escalation vulnerability

Description:
CVE-2026-22721 is a privilege escalation vulnerability with a CVSS score of 6.2 that could allow an attacker to elevate permissions and gain administrative-level access within the affected environment.

Impact:

  • Gain Administrative-Level Access
  • Obtain Full System Control

Affected Products

The vulnerabilities affect several VMware products and versions, including:

  • VMware Aria Operations 8.x
  • VMware Cloud Foundation 9.x/5.x/4.x
  • VMware Telco Cloud Platform 5.x/4.x
  • VMware Telco Cloud Infrastructure 3.x/2.x
  • VMware vSphere Foundation 9.x

Mitigation & Recommendations

To address these vulnerabilities, Broadcom advises customers to upgrade to the fixed versions specified in the advisory’s Response Matrix. For CVE-2026-22719, additional mitigation steps are provided under the Workarounds section for environments where immediate patching is not feasible. The resolved versions include VMware Aria Operations 8.18.6, VMware Cloud Foundation 9.0.2.0, and VMware vSphere Foundation 9.0.2.0.

Organizations should prioritize applying these updates to remediate the identified flaws, reduce the risk of unauthorized access, and limit potential exposure to remote exploitation. Timely patch deployment is critical to maintaining the security and operational integrity of affected environments.
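
An added example, not part of the original advisory or of Broadcom's tooling: a small Python triage of a deployment inventory against the affected product lines and fixed versions quoted above. The inventory rows and hostnames are constructed, and the script assumes that a release at or above the fixed version in the same major line contains the fix; affected lines for which this page quotes no fixed version are referred to the Response Matrix.

```python
import re

# Affected major release lines and fixed versions, as stated in this advisory.
AFFECTED = {
    "VMware Aria Operations": {8},
    "VMware Cloud Foundation": {9, 5, 4},
    "VMware Telco Cloud Platform": {5, 4},
    "VMware Telco Cloud Infrastructure": {3, 2},
    "VMware vSphere Foundation": {9},
}
FIXED = {
    ("VMware Aria Operations", 8): (8, 18, 6),
    ("VMware Cloud Foundation", 9): (9, 0, 2, 0),
    ("VMware vSphere Foundation", 9): (9, 0, 2, 0),
}

def parse_version(text):
    """Dotted numeric version -> tuple of ints; None if it is not purely numeric."""
    m = re.fullmatch(r"\d+(\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else None

def triage(product, version):
    v = parse_version(version)
    if v is None:
        return "UNKNOWN_VERSION"            # e.g. "8.x": needs a manual look
    if v[0] not in AFFECTED.get(product, set()):
        return "NOT_LISTED"                 # product or release line not in the advisory
    fixed = FIXED.get((product, v[0]))
    if fixed is None:
        return "CHECK_RESPONSE_MATRIX"      # affected line, no fixed version quoted here
    width = max(len(v), len(fixed))         # pad so 9.0.2 compares equal to 9.0.2.0
    pad = lambda t: t + (0,) * (width - len(t))
    # Assumption: a release at or above the fixed version in the same line has the fix.
    return "PATCHED" if pad(v) >= pad(fixed) else "VULNERABLE"

# Constructed sample inventory (hypothetical hostnames and versions).
INVENTORY = [
    ("ops-01", "VMware Aria Operations", "8.18.2"),
    ("ops-02", "VMware Aria Operations", "8.18.10"),
    ("vcf-02", "VMware Cloud Foundation", "5.2"),
    ("vvf-01", "VMware vSphere Foundation", "9.0.2"),
    ("ops-03", "VMware Aria Operations", "8.x"),
]

def triage_inventory(rows):
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    print("\n".join(f"{h:8} {s}" for h, s in triage_inventory(INVENTORY).items()))
```

Versions are compared numerically per component, so 8.18.10 sorts above 8.18.6 rather than below it as a string comparison would.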

Tactics and Techniques

  • TA0004 – Privilege Escalation: Exploiting vulnerabilities to gain higher-level permissions on a system or network.
  • TA0002 – Execution: Running malicious code on a target system.
  • T1068 – Exploitation for Privilege Escalation: Gaining elevated permissions by exploiting a vulnerability.

Instantly Fix Risks with Saner Patch Management

Saner patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
