Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
VMware Aria Operations: Malicious Access to Administrative Privileges
CVE-2026-22721
Summary
VMware Aria Operations has a security flaw that could allow an unauthorized person with some privileges in vCenter to gain full control over Aria Operations. This could lead to sensitive data being accessed or modified. To fix this, update to the latest patched version as described in the official security advisory.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| vmware | aria_operations | > 8.0 , <= 8.18.6 | – |
| vmware | cloud_foundation | > 4.0 , <= 5.2.3 | – |
| vmware | cloud_foundation | > 9.0 , <= 9.0.2.0 | – |
| vmware | telco_cloud_infrastructure | > 2.2 , <= 3.0 | – |
| vmware | telco_cloud_platform | > 4.0 , <= 5.1 | – |
Original title
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative...
Original description
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
nvd CVSS3.1
7.2
Vulnerability type
CWE-269
Improper Privilege Management
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026