CVE-2026-22719
Received Received - Intake
Command Injection in VMware Aria Operations Enables Remote Code Execution

Publication date: 2026-02-25

Last updated on: 2026-03-04

Assigner: VMware

Description
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.Β  To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001Β  Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-03-04
Generated
2026-05-07
AI Q&A
2026-02-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-22719
EUVD
EUVD-2026-8708
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
vmware telco_cloud_infrastructure From 2.2 (inc) to 3.0 (inc)
vmware aria_operations From 8.0 (inc) to 8.18.6 (exc)
vmware cloud_foundation From 4.0 (inc) to 5.2.3 (exc)
vmware cloud_foundation From 9.0 (inc) to 9.0.2.0 (exc)
vmware telco_cloud_platform From 4.0 (inc) to 5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-22719 is a command injection vulnerability in VMware Aria Operations. It allows a malicious unauthenticated actor to execute arbitrary commands remotely during the support-assisted product migration process.


How can this vulnerability impact me? :

This vulnerability can lead to remote code execution, which means an attacker could take control of the affected VMware Aria Operations system. This could result in unauthorized access, data compromise, disruption of services, or further exploitation of the environment.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

[{'type': 'paragraph', 'content': 'To mitigate CVE-2026-22719 immediately, you can apply a temporary workaround by running the provided script "aria-ops-rce-workaround.sh" on the VMware Aria Operations Virtual Appliance Primary node.'}, {'type': 'list_item', 'content': 'Download the "aria-ops-rce-workaround.sh" script.'}, {'type': 'list_item', 'content': 'Copy the script to the primary node using SCP: `scp aria-ops-rce-workaround.sh root@OPS_PRIMARY_NODE_FQDN_OR_IP:/root/`'}, {'type': 'list_item', 'content': 'SSH into the primary node: `ssh root@OPS_PRIMARY_NODE_FQDN_OR_IP`'}, {'type': 'list_item', 'content': 'Navigate to the root directory: `cd /root/`'}, {'type': 'list_item', 'content': 'Make the script executable: `chmod a+x ./aria-ops-rce-workaround.sh`'}, {'type': 'list_item', 'content': 'Execute the script: `./aria-ops-rce-workaround.sh`'}, {'type': 'paragraph', 'content': 'This workaround is temporary and does not need to be reverted before upgrading. For full remediation, apply the patches listed in the Response Matrix of VMware Security Advisory VMSA-2026-0001 by upgrading to fixed versions 8.18.6 or 9.0.2 (or later).'}] [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart