VMware Aria Operations, a key component in products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, faces command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2) flaws.
The most critical issue, CVE-2026-22719, allows unauthenticated attackers to execute arbitrary commands during support-assisted product migrations, potentially leading to full remote code execution.
CVE-2026-22720 enables privileged users to create custom benchmarks to inject scripts for administrative actions, while CVE-2026-22721 lets vCenter users with access escalate to admin rights in Aria Operations. All issues fall under Important severity, with patches now available across impacted versions.
| CVE ID | Description |
|---|---|
| CVE-2026-22719 | Stored XSS via custom benchmarks, allowing admin actions. |
| CVE-2026-22720 | Stored XSS via custom benchmarks allowing admin actions. |
| CVE-2026-22721 | Command injection vulnerability is exploitable by unauthenticated actors during migrations for RCE. |
Impacted deployments span VMware Aria Operations 8.x and earlier bundles in Cloud Foundation 9.x/5.x/4.x, Telco Cloud Platform 5.x/4.x, and Telco Cloud Infrastructure 3.x/2.x.
A workaround exists for CVE-2026-22719 via KB430349, but none exists for the others, underscoring the urgency of upgrades. Release notes confirm fixes in versions like Aria Operations 8.18.6 and Cloud Foundation 9.0.2.0.
| Product | Component | Affected Versions | Fixed Version | Workaround |
|---|---|---|---|---|
| VMware Cloud Foundation | VMware vSphere Foundation / Operations | 9.x | 9.0.2.0 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Aria Operations | N/A | 8.x | 8.18.6 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | KB92148 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | KB428241 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | KB428241 | KB430349 (CVE-2026-22719) |
Administrators must verify deployments against the matrix and apply updates promptly, as exploitation during migrations could compromise cloud operations. Credits go to reporters Tobias Anders (Deutsche Telekom Security), Sven Nobis, and Lorin Lehawany (ERNW).
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks appeared first on Cyber Security News.
The Rockford School Board voted unanimously to approve new teacher contracts Wednesday night. This comes…
Cisco has disclosed a critical zero-day vulnerability in its Catalyst SD-WAN products that threat actors…
A hacker exploited Anthropic’s Claude AI chatbot over a month-long campaign starting in December 2025,…
ROCKFORD, Ill. (WTVO) — This week marks four years since Russia's invasion of Ukraine and…
Metro Nashville Councilmembers Sandra Sepulveda, Terry Vo (with back to camera) and Delishia Porterfield were…
Amazon will no longer publish UK developer Maverick Games’ yet-to-be-titled open-world driving game, reports The…
This website uses cookies.