https://feed.craftedsignal.io/tags/aria-operations/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 25 Feb 2026 15:21:35 +0000https://feed.craftedsignal.io/briefs/2026-02-vmware-aria-rce/Wed, 25 Feb 2026 15:21:35 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-02-vmware-aria-rce/Multiple vulnerabilities in VMware Aria Operations, Cloud Foundation, and Telco Cloud Platform/Infrastructure could allow unauthenticated remote code execution (CVE-2026-22719) and privilege escalation (CVE-2026-22720, CVE-2026-22721).<p>Broadcom released an advisory in February 2026 addressing three vulnerabilities in VMware Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure. CVE-2026-22719 (CVSS 8.1) is a command injection vulnerability in Aria Operations that can lead to RCE if exploited during a support-assisted product migration. CVE-2026-22720 (CVSS 8.0) is a cross-site scripting vulnerability where a malicious actor with privileges to create custom benchmarks may be able to inject…</p> criticaladvisoryvmwarearia-operationsrceprivilege-escalation