Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands.
Organizations are urged to implement mitigations or discontinue use of the product if a fix is not possible.
VMware Aria Operations, formerly known as vRealize Operations (vROps), is an IT operations management platform that monitors, manages, and optimizes data centers and cloud environments.
The newly added vulnerability involves a command injection flaw that can lead to remote code execution (RCE) during support-assisted product migrations.
Because this vulnerability does not require authentication, it poses a significant risk to affected organizations.
| CVE ID | Description | CVSS Score | CWE | Known Ransomware Use | Added to KEV |
|---|---|---|---|---|---|
| CVE-2026-22719 | VMware Aria Operations command injection allowing remote code execution. | N/A | CWE-77 | Unknown | March 3, 2026 |
An attacker who successfully exploits this flaw could gain unauthorized access to the underlying system, execute arbitrary commands, and potentially compromise the entire IT infrastructure.
The issue was initially discovered and reported, leading Broadcom to release patches and mitigations.
However, CISA has now confirmed that active exploitation is occurring in the wild, prompting its addition to the KEV catalog.
While CISA has confirmed active exploitation, details regarding the specific threat actors or campaigns leveraging this vulnerability remain undisclosed. It is currently unknown if this flaw has been used in ransomware attacks.
CISA’s Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies address vulnerabilities listed in the KEV catalog within a specific timeframe.
In this case, agencies have until March 24, 2026, to apply the necessary mitigations or discontinue use of the product if no mitigations are available.
Organizations outside the federal government are also strongly encouraged to prioritize patching or applying vendor-recommended mitigations.
Broadcom has provided instructions for mitigating the risk, and users should consult the official advisory for detailed guidance.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks appeared first on Cyber Security News.
Border Beam Vanilla is a Vanilla JavaScript library that decorates DOM elements with animated traveling…
ctree.js is a fun little JavaScript library that generates a colorful Christmas tree right in…
A comprehensive review of browser privacy in 2026 reveals that Google Chrome remains highly vulnerable…
DETROIT, MI (WOWO) A competitive shift is underway on the Detroit River as the operator…
The European Commission’s newly launched Digital Age Verification App, unveiled on April 14, 2026, to…
MUNCIE, IND. (WOWO) A Muncie man is facing felony charges after police say he assaulted…
This website uses cookies.