Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
VMware vROps Allows Unauthenticated Remote Code Execution
Known exploited
CVE-2026-22719
CVE-2026-22719
Summary
VMware vROps is vulnerable to a security risk that lets attackers execute malicious code without a password. This could happen during a product migration process. Update to the latest version of vROps to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| broadcom | vmware aria operations | All versions | – |
| vmware | aria_operations | > 8.0 , <= 8.18.6 | – |
| vmware | cloud_foundation | > 4.0 , <= 5.2.3 | – |
| vmware | cloud_foundation | > 9.0 , <= 9.0.2.0 | – |
| vmware | telco_cloud_infrastructure | > 2.2 , <= 3.0 | – |
| vmware | telco_cloud_platform | > 4.0 , <= 5.1 | – |
Original title
Broadcom VMware Aria Operations Command Injection Vulnerability
Original description
Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.
Vulnerability type
CWE-77
Command Injection
- https://knowledge.broadcom.com/external/article/430349 Mitigation Vendor Advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/con... Patch Vendor Advisory
- https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-... Release Notes
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-... US Government Resource
Published: 3 Mar 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026