CVE-2026-22719HIGH 8.1CISA KEVEPSS p96.7%

CVE-2026-22719Broadcom VMware Aria Operations Command Injection Vulnerability

Broadcom / VMware Aria Operations

Description

Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS17.42% probability of exploitation · percentile 96.7% · 2026-06-18T12:00:27Z
Published2026-02-25
Last modified2026-03-04

CISA KEV entry

Added to KEV: 2026-03-03

Underlying weaknesses· 1

CWE-77

References

  1. https://knowledge.broadcom.com/external/article/430349
  2. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
  3. https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryBroadcom VMware Aria Operations Command Injection Vulnerabilitykev-cve-2026-227190%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Vmware Aria Operations for Networks Command Injection Vulnerability
CVE
CVE-2026-22720
CVE
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
CVE
CVE-2025-22219
CVE
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
CVE
VMware vCenter Server Remote Code Execution Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.