VMware Aria Operations RCE Flaw Exploited in Attacks

First reported

04.03.2026 01:40

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability, CVE-2026-22719, to its Known Exploited Vulnerabilities catalog, indicating it is being exploited in attacks. The flaw, patched on February 24, 2026, allows unauthenticated attackers to execute arbitrary commands on vulnerable systems. Federal agencies must address the issue by March 24, 2026.

Timeline

04.03.2026 01:40 1 articles · 3h ago

CISA Adds VMware Aria Operations RCE Flaw to KEV Catalog
CISA has added CVE-2026-22719, a command injection vulnerability in VMware Aria Operations, to its Known Exploited Vulnerabilities catalog. The flaw, patched on February 24, 2026, is being exploited in attacks. Federal agencies must address the issue by March 24, 2026.
Show sources

CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
Open in new tab

Information Snippets

CVE-2026-22719 is a command injection vulnerability in VMware Aria Operations.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
The flaw has a CVSS score of 8.1 and was patched on February 24, 2026.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
Federal agencies must address the flaw by March 24, 2026.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
Broadcom has acknowledged reports of exploitation but cannot confirm them independently.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40
A temporary workaround script, 'aria-ops-rce-workaround.sh,' is available for organizations unable to apply patches immediately.
First reported: 04.03.2026 01:40

1 source, 1 article
Show sources
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks — www.bleepingcomputer.com — 04.03.2026 01:40

Summary

Timeline

CISA Adds VMware Aria Operations RCE Flaw to KEV Catalog

Information Snippets