Detections
Analytics

CVE-2026-22721

high

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

https://www.darkreading.com/cloud-security/vmware-aria-operations-bug-exploited-cloud-risk

https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html

https://www.securityweek.com/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/

https://securityaffairs.com/188445/security/vmware-aria-operations-flaws-could-enable-remote-attacks.html

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html

Details

Source: Mitre, NVD

Published: 2026-02-25

Updated: 2026-03-04

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00051