Latest
Vulnerabilities

VMware Aria Operations Flaw Actively Exploited

VMware Aria Operations Flaw Actively Exploited

A vulnerability recently fixed in VMware Aria Operations, formerly known as vRealize Operations, has been actively exploited, as warned by the cybersecurity agency CISA on Tuesday.

The vulnerability, identified as CVE-2026-22719, is a high-severity command injection flaw that can be exploited without needing authentication.

Broadcom explained in a February 24 advisory that "a malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress."

On Tuesday, CISA added CVE-2026-22719 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by March 24.

Currently, there is no public information detailing attacks involving this vulnerability.

In an update to its initial advisory, Broadcom stated, "Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity." It remains unclear whether Broadcom learned about the in-the-wild exploitation from CISA or another source.

It is also uncertain if the exploitation of the vulnerability began after the patch was released or if CVE-2026-22719 was exploited as a zero-day vulnerability.

However, it is reassuring to see Broadcom quickly update its security advisory when potential exploitation of a vulnerability is detected. This is in contrast to past criticisms the company faced for delaying such warnings, even when exploitation was already known.

More in Vulnerabilities & Patches

Critical Veeam Backup and Replication Bug Lets Any Domain User Run Code
Vulnerabilities

Critical Veeam Backup and Replication Bug Lets Any Domain User Run Code

Jul 13, 2026 2 min read
FFmpeg PixelSmash Flaw Turns Malicious Video Files Into Remote Code Execution
Vulnerabilities

FFmpeg PixelSmash Flaw Turns Malicious Video Files Into Remote Code Execution

Jul 11, 2026 4 min read
AI Cyberattacks: Two Years of Insane Vulnerabilities
Vulnerabilities

AI Cyberattacks: Two Years of Insane Vulnerabilities

Jun 30, 2026 8 min read
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Vulnerabilities

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

Jun 10, 2026 3 min read