127/69 Thursday, March 5, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability CVE-2026-22719 affecting VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog after reports confirmed active exploitation in the wild. CISA has mandated that U.S. federal agencies remediate the issue by March 24, 2026. Meanwhile, Broadcom, the parent company of VMware, acknowledged that it is aware of reports of exploitation, although it has not independently verified the claims. VMware Aria Operations is widely used by enterprise organizations to monitor the performance of servers, networks, and cloud infrastructure.
The vulnerability CVE-2026-22719 carries a CVSS score of 8.1 and is classified as a command injection flaw. It allows unauthenticated remote attackers to execute malicious commands on affected systems, potentially leading to remote code execution (RCE). The risk arises during support-assisted product migration, while the system is actively performing migration tasks. Although detailed technical exploitation methods have not yet been publicly disclosed, VMware released initial security advisories and patches on February 24, 2026.
To mitigate the risk, system administrators are strongly advised to immediately apply the latest security updates released by VMware. For organizations unable to update immediately, Broadcom has provided a temporary mitigation measure. Administrators can execute a script named aria-ops-rce-workaround.sh with root privileges on each system node to disable the migration process and remove certain permissions that could otherwise be exploited by attackers.
