A vulnerability recently fixed in VMware Aria Operations, formerly known as vRealize Operations, has been actively exploited, as warned by the cybersecurity agency CISA on Tuesday.
The vulnerability, identified as CVE-2026-22719, is a high-severity command injection flaw that can be exploited without needing authentication.
Broadcom explained in a February 24 advisory that "a malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress."
On Tuesday, CISA added CVE-2026-22719 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by March 24.
Currently, there is no public information detailing attacks involving this vulnerability.
In an update to its initial advisory, Broadcom stated, "Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity." It remains unclear whether Broadcom learned about the in-the-wild exploitation from CISA or another source.
It is also uncertain if the exploitation of the vulnerability began after the patch was released or if CVE-2026-22719 was exploited as a zero-day vulnerability.
However, it is reassuring to see Broadcom quickly update its security advisory when potential exploitation of a vulnerability is detected. This is in contrast to past criticisms the company faced for delaying such warnings, even when exploitation was already known.
