A critical security flaw in VMware Aria Operations has been flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as actively exploited in attacks. This vulnerability, tracked as CVE-2026-22719, is a cause for concern, especially as it has been added to CISA's Known Exploited Vulnerabilities catalog.
The vulnerability was initially disclosed and patched by VMware on February 24, 2026, with a CVSS score of 8.1, indicating its potential impact. VMware Aria Operations is a vital enterprise monitoring platform, helping organizations monitor server, network, and cloud infrastructure performance and health.
Broadcom, the company behind the platform, has acknowledged reports of the vulnerability being exploited but has not independently confirmed these claims. This lack of confirmation adds a layer of uncertainty to the situation.
The CISA has urged federal civilian agencies to address this issue by March 24, 2026, highlighting the urgency of the matter. In a recent advisory update, Broadcom reiterated its awareness of potential exploitation but maintained its inability to validate these reports independently.
At this stage, no technical details about the exploitation of this flaw have been made public. BleepingComputer reached out to Broadcom for clarification on the reported activity but has not received a response.
The vulnerability, a command injection flaw, allows unauthenticated attackers to execute arbitrary commands on vulnerable systems, potentially leading to remote code execution. This is a serious concern, especially as it can be exploited during support-assisted product migration.
Broadcom has released security patches and provided a temporary workaround, a shell script named "aria-ops-rce-workaround.sh", to mitigate the issue. This script must be executed as root on each Aria Operations appliance node to disable potentially exploitable components of the migration process.
Administrators are strongly advised to apply the available security patches or implement the workaround immediately, especially given the potential for active exploitation in attacks.
This situation serves as a reminder of the ever-evolving nature of cybersecurity threats and the importance of staying vigilant and proactive in addressing vulnerabilities.
In a world where malware is becoming increasingly sophisticated, as highlighted by the Red Report 2026, it's crucial to stay informed and adapt security measures accordingly. Download the report to uncover the latest threats and ensure your security stack is up to the task.
