
VMware Aria Operations command injection flaw (CVE-2026-22719, exploited)

Vulnerability
Happening score: 41
1 unique sources, 1 articles

Summary


CISA added CVE-2026-22719 in VMware Aria Operations to its KEV catalog, indicating the command injection flaw is being exploited and could lead to remote code execution on vulnerable systems. Broadcom had already patched the issue on February 24, 2026 and later said it was aware of exploitation reports, though it could not independently confirm them. U.S. federal civilian agencies must remediate by March 24, 2026, and Broadcom also issued a temporary workaround for organizations that cannot patch immediately.

Related Happenings

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign

Campaign
First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...

Timeline

  1. 04.03.2026 01:40 1 articles · 2mo ago

    Broadcom patches CVE-2026-22719 in VMware Aria Operations

    Mitigation Patch Update

    Broadcom disclosed and patched CVE-2026-22719 in VMware Aria Operations on February 24, 2026, describing a command injection flaw that could let an unauthenticated attacker execute arbitrary commands and potentially reach remote code execution during support-assisted product migration; the company also provided the aria-ops-rce-workaround.sh mitigation for organizations unable to apply the patches immediately.

  2. 04.03.2026 01:40 2 articles · 2mo ago

    CISA adds CVE-2026-22719 to the KEV catalog

    Legal Policy Action Update

    CISA added CVE-2026-22719 in VMware Aria Operations to its Known Exploited Vulnerabilities catalog after reports of exploitation in attacks, and required U.S. federal civilian agencies to remediate the issue by March 24, 2026; Broadcom said it was aware of reports of potential exploitation but could not independently confirm them.
