VMware Aria Operations Vulnerabilities Allow Remote Code Execution and Privilege Escalation
Multiple vulnerabilities in VMware Aria Operations, Cloud Foundation, and Telco Cloud Platform/Infrastructure could allow unauthenticated remote code execution (CVE-2026-22719) and privilege escalation (CVE-2026-22720, CVE-2026-22721).
Broadcom released an advisory in February 2026 addressing three vulnerabilities in VMware Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure. CVE-2026-22719 (CVSS 8.1) is a command injection vulnerability in Aria Operations that can lead to RCE if exploited during a support-assisted product migration. CVE-2026-22720 (CVSS 8.0) is a cross-site scripting vulnerability where a malicious actor with privileges to create custom benchmarks may be able to inject…
Detection coverage 2
Detect Connection to VMware Advisory URL
infoDetects connections to the VMware security advisory URL, which may indicate research or reconnaissance activity related to the vulnerability.
Detect Connection to VMware Workaround URL
infoDetects connections to the VMware KB article URL, which may indicate research or reconnaissance activity related to the workaround.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
3
url