Cyber: Cisa Flags Vmware Aria Operations RCE Flaw As Exploited In Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

Broadcom also warned that it is aware of reports indicating the vulnerability is exploited but says it cannot independently confirm the claims.

VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.

The vulnerability was originally disclosed and patched on February 24, 2026, as part of VMware's VMSA-2026-0001 advisory, which was rated Important with a CVSS score of 8.1.

The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the US cyber agency requiring federal civilian agencies to address the issue by March 24, 2026.

In a recent update to the advisory, Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims.

"Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity," states the updated advisory.

At this time, no technical details about how the flaw may be exploited have been publicly disclosed.

BleepingComputer contacted Broadcom with questions regarding the reported activity, but has not received a response.

According to Broadcom, CVE-2026-22719 is a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands on vulnerable systems.

Source: BleepingComputer