Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
VMware Workstation and Fusion Can Let Attackers Hijack Network Traffic
CVE-2026-22715
Summary
VMware Workstation and Fusion have a flaw that allows an attacker with admin access to a virtual machine to intercept or disrupt network connections between other virtual machines. This could be used to steal sensitive information or disrupt a virtualized environment. To fix this, update to version 25H2U1 of VMware Workstation or Fusion.
Original title
VMWare Workstation and Fusion contain a logic flaw in the management of network packets.
Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interr...
Original description
VMWare Workstation and Fusion contain a logic flaw in the management of network packets.
Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.
Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.
Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
nvd CVSS3.1
5.9
Vulnerability type
CWE-923
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026