Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks



Broadcom issued security advisory VMSA-2026-0001 on February 24, 2026, disclosing three vulnerabilities in VMware Aria Operations that pose risks, including remote code execution. Organizations using affected products should prioritize patching to mitigate potential exploits.

VMware Aria Operations, a key component in products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, faces command injection (CVE-2026-22719, CVSS 8.1), stored cross-site scripting (CVE-2026-22720, CVSS 8.0), and privilege escalation (CVE-2026-22721, CVSS 6.2) flaws.

The most critical issue, CVE-2026-22719, allows unauthenticated attackers to execute arbitrary commands during support-assisted product migrations, potentially leading to full remote code execution.

CVE-2026-22720 lets privileged users who can create custom benchmarks inject scripts that carry out administrative actions, while CVE-2026-22721 lets vCenter users with access escalate to admin rights in Aria Operations. All three issues are rated Important severity, and patches are now available across impacted versions.

| CVE ID | Description |
| --- | --- |
| CVE-2026-22719 | Command injection vulnerability exploitable by unauthenticated actors during migrations for RCE. |
| CVE-2026-22720 | Stored XSS via custom benchmarks, allowing admin actions. |
| CVE-2026-22721 | Privilege escalation allowing vCenter users with access to gain admin rights in Aria Operations. |

Affected Versions and Fixes

Impacted deployments span VMware Aria Operations 8.x and earlier bundles in Cloud Foundation 9.x/5.x/4.x, Telco Cloud Platform 5.x/4.x, and Telco Cloud Infrastructure 3.x/2.x.

A workaround exists for CVE-2026-22719 via KB430349, but none exists for the others, underscoring the urgency of upgrades. Release notes confirm fixes in versions like Aria Operations 8.18.6 and Cloud Foundation 9.0.2.0.


| Product | Component | Affected Versions | Fixed Version | Workaround |
| --- | --- | --- | --- | --- |
| VMware Cloud Foundation | VMware vSphere Foundation / Operations | 9.x | 9.0.2.0 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Aria Operations | N/A | 8.x | 8.18.6 [techdocs.broadcom.com] | KB430349 (CVE-2026-22719) |
| VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | KB92148 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | KB428241 | KB430349 (CVE-2026-22719) |
| VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | KB428241 | KB430349 (CVE-2026-22719) |

Administrators must verify deployments against the matrix and apply updates promptly, as exploitation during migrations could compromise cloud operations. Credits go to reporters Tobias Anders (Deutsche Telekom Security), Sven Nobis, and Lorin Lehawany (ERNW).
