
VMware Aria Operations, a key component in products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, faces command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2) flaws.
The most critical issue, CVE-2026-22719, allows unauthenticated attackers to execute arbitrary commands during support-assisted product migrations, potentially leading to full remote code execution.
CVE-2026-22720 lets privileged users who can create custom benchmarks inject scripts that perform administrative actions, while CVE-2026-22721 lets vCenter users with access escalate to admin rights in Aria Operations. All three issues are rated Important severity, with patches now available across impacted versions.
| CVE ID | Description |
|---|---|
| CVE-2026-22719 | Command injection exploitable by unauthenticated actors during migrations for RCE. |
| CVE-2026-22720 | Stored XSS via custom benchmarks, allowing admin actions. |
| CVE-2026-22721 | Privilege escalation letting vCenter users with access gain admin rights in Aria Operations. |
Affected Versions and Fixes
Impacted deployments span VMware Aria Operations 8.x and earlier bundles in Cloud Foundation 9.x/5.x/4.x, Telco Cloud Platform 5.x/4.x, and Telco Cloud Infrastructure 3.x/2.x.
A workaround exists for CVE-2026-22719 via KB430349, but none exists for the others, underscoring the urgency of upgrades. Release notes confirm fixes in versions like Aria Operations 8.18.6 and Cloud Foundation 9.0.2.0.
| Product | Component | Affected Versions | Fixed Version | Workaround |
|---|---|---|---|---|
| VMware Cloud Foundation | VMware vSphere Foundation / Operations | 9.x | 9.0.2.0 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Aria Operations | N/A | 8.x | 8.18.6 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | KB92148 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | KB428241 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | KB428241 | KB430349 (CVE-2026-22719) |
Administrators must verify deployments against the matrix and apply updates promptly, as exploitation during migrations could compromise cloud operations. Credits go to reporters Tobias Anders (Deutsche Telekom Security), Sven Nobis, and Lorin Lehawany (ERNW).
The post Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks appeared first on Cyber Security News.
