CVE-2026-22721

HIGH EPSS 48.0%
Published Feb 25, 20264mo ago · Modified Jun 17, 20261w ago
7.2 CVSS 3.1
High
Find Similar
Published Feb 25, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

CVSS Details

Base Score
7.2
Exploitability
1.2
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
48.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 5

VendorProductVersionRange
vmwarearia_operations*≥8.0  –  <8.18.6
vmwarecloud_foundation*≥4.0  –  <5.2.3
vmwarecloud_foundation*≥9.0  –  <9.0.2.0
vmwaretelco_cloud_infrastructure*≥2.2  –  ≤3.0
vmwaretelco_cloud_platform*≥4.0  –  ≤5.1

References 2

  • support.broadcom.com https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
    PatchVendor Advisory
  • techdocs.broadcom.com https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
    Release Notes

Remediation

  • support.broadcom.com https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
    PatchVendor Advisory