A critical command injection vulnerability in VMware Aria Operations, tracked as CVE-2026-22719, is being actively exploited in the wild, prompting its addition to CISA's Known Exploited Vulnerabilities (KEV) catalog. This flaw, which carries a CVSS score of 8.1, was disclosed on February 25, 2026, and has been exploited within just over five days of its disclosure, highlighting the urgency for remediation.
The vulnerability resides in the support-assisted product migration feature of VMware Aria Operations. It allows unauthenticated attackers to execute arbitrary commands, potentially leading to remote code execution. This makes it a significant threat, especially given its exploitation in active attacks.
CVE-2026-22719 is classified under CWE-77, indicating its nature as a command injection flaw. The vulnerability's exploitation potential is underscored by its inclusion in the KEV catalog on March 3, 2026, and its SSVC rating of 'attend,' which calls for immediate attention from security teams.
Organizations using VMware Aria Operations should prioritize patching this vulnerability to mitigate the risk of unauthorized access and potential system compromise. The active exploitation of this flaw underscores the need for vigilance and prompt action to protect critical infrastructure from emerging threats.
CSURFACE