A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog.
Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands.
Organizations are urged to implement mitigations or discontinue use of the product if a fix is not possible.
VMware Aria Operations Vulnerability
VMware Aria Operations, formerly known as vRealize Operations (vROps), is an IT operations management platform that monitors, manages, and optimizes data centers and cloud environments.
The newly added vulnerability involves a command injection flaw that can lead to remote code execution (RCE) during support-assisted product migrations.
Because this vulnerability does not require authentication, it poses a significant risk to affected organizations.
CVE IDDescriptionCVSS ScoreCWEKnown Ransomware UseAdded to KEVCVE-2026-22719VMware Aria Operations command injection allowing remote code execution.N/ACWE-77UnknownMarch 3, 2026
An attacker who successfully exploits this flaw could gain unauthorized access to the underlying system, execute arbitrary commands, and potentially compromise the entire IT infrastructure.
The issue was initially discovered and reported, leading Broadcom to release patches and mitigations.
However, CISA has now confirmed that active exploitation is occurring in the wild, prompting its addition to the KEV catalog.
While CISA has confirmed active exploitation, details regarding the specific threat actors or campaigns leveraging this vulnerability remain undisclosed. It is currently unknown if this flaw has been used in ransomware attacks.
CISA’s Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies address vulnerabilities listed in the KEV catalog within a specific timeframe.
In this case, agencies have until March 24, 2026, to apply the necessary mitigations or discontinue use of the product if no mitigations are available.
Organizations outside the federal government are also strongly encouraged to prioritize patching or applying vendor-recommended mitigations.
Broadcom has provided instructions for mitigating the risk, and users should consult the official advisory for detailed guidance.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks appeared first on Cyber Security News.
