CVE-2026-22719 – VMware Aria Operations Security Update

CVSS 8.1 IMPORTANT

“High-impact weaknesses in VMware Aria could let attackers run commands, inject malicious scripts, or gain admin rights — this update locks them down.”

This patch addresses three vulnerabilities in VMware Aria Operations that could allow attackers to compromise infrastructure monitoring environments and gain elevated control. The most severe issue, CVE-2026-22719, is a command injection vulnerability with a CVSS v3.1 score of 8.1 (High). An unauthenticated attacker may exploit this flaw during a support-assisted product migration to execute arbitrary commands, potentially leading to remote code execution. This vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog, indicating confirmed exploitation in the wild.

The update also fixes CVE-2026-22720, a stored cross-site scripting vulnerability with a CVSS v3.1 score of 8.0 (High). An attacker with permission to create custom benchmarks could inject malicious scripts into the interface and perform unauthorized administrative actions. Additionally, the update resolves CVE-2026-22721, a privilege escalation vulnerability with a CVSS v3.1 score of 6.2 (Medium) that could allow an attacker with existing access to gain administrative privileges within VMware Aria Operations.

These vulnerabilities affect VMware Aria Operations deployments used within VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure environments. Successful exploitation could enable attackers to execute code, manipulate monitoring systems, and gain deeper access to managed infrastructure.

Key Details

Affected Product: VMware Aria Operations
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
CWE Classification: CWE-77