CVE-2026-22719 is a critical Command Injection vulnerability (CVSS 8.1) affecting VMware Aria Operations (formerly vRealize Operations).This flaw allows unauthenticated attackers to execute arbitrary commands remotely, leading to full Remote Code Execution (RCE) and total system takeover.
This vulnerability is specifically triggered during the “support-assisted product migration” process. Due to its severity and the fact that it is actively being exploited in the wild, CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog requiring immediate remediation.
Impacted Versions and Immediate Security Actions
The following versions are vulnerable and require urgent attentions:
- VMware Aria Operations: Versions 8.x (up to 8.18.5) and 9.x (up to 9.0.1).
- VMware Cloud Foundation: Older deployments utilizing affected Aria components.
To secure your infrastructure take these steps immediately:
- Patch Now: Upgrade to VMware Aria Operations 8.18.6 or 9.0.2 to permanently fix the flaw.
- Apply Workaround: If patching is delay run the official VMware mitigation script (
aria-ops-rce-workaround.sh) available via Broadcom security advisory VMSA-2026-0001. - Network Isolation: Ensure management interfaces are not exposed to the public internet and are restricted to trusted administrative IPs only.
